update: org admin permissions limitations

docs/platform/concepts/permissions.md

@@ -26,10 +26,10 @@ and services within it.
 
 ### Organization roles
 
-|          Console name           |             API name             |                                                                                                                                                                                                                                                Allowed actions                                                                                                                                                                                                                                                 |
-| ------------------------------- | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Organization member        | None | This is the default role for all organization users. **You cannot grant this role to users.** <br/> <br/> All non-managed organization users can: <ul> <li> Edit their profiles. </li> <li> Create organizations. </li> <li> Leave organizations. </li> <li> Add [allowed authentication methods](/docs/platform/howto/set-authentication-policies). </li> <li> Generate and revoke personal tokens, if allowed by the [authentication policy](/docs/platform/howto/set-authentication-policies). </li> <li> Enable and disable feature previews. </li> </ul> <br/> [Managed users](/docs/platform/concepts/managed-users) have more restrictions. |
-| Admin               | `role:organization:admin` | <ul> <li> Full access to the organization. </li> <li> View and change billing information. </li> <li> Change the authentication policy. </li> <li> Invite, deactivate, and remove organization users. </li> <li> Create, edit, and delete groups. </li> <li> Create and delete application users and their tokens. </li> <li> Add and remove domains. </li> <li> Add, enable, disable, and remove identity providers. </li> </ul>                                                                                                                                                                                            |
+|    Console name     |         API name          |                                                                                                                                                                                                                                                                                                                  Allowed actions                                                                                                                                                                                                                                                                                                                   |
+| ------------------- | ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Organization member | None                      | This is the default role for all organization users. **You cannot grant this role to users.** <br/> <br/> All non-managed organization users can: <ul> <li> Edit their profiles. </li> <li> Create organizations. </li> <li> Leave organizations. </li> <li> Add [allowed authentication methods](/docs/platform/howto/set-authentication-policies). </li> <li> Generate and revoke personal tokens, if allowed by the [authentication policy](/docs/platform/howto/set-authentication-policies). </li> <li> Enable and disable feature previews. </li> </ul> <br/> [Managed users](/docs/platform/concepts/managed-users) have more restrictions. |
+| Admin               | `role:organization:admin` | <ul> <li> Full access to the organization. </li> <li> View and change billing information. </li> <li> Change the authentication policy. </li> <li> Invite, deactivate, and remove organization users. </li> <li> Create, edit, and delete groups. </li> <li> Create and delete application users and their tokens. </li> <li> Add and remove domains. </li> <li> Add, enable, disable, and remove identity providers. </li> </ul> Cannot delete an organization or manage its super admin.                                                                                                                                                         |
 
 ### Organization permissions
 

docs/platform/howto/make-super-admin.md

@@ -10,6 +10,9 @@ The super admin role is a special role that has unrestricted access to an organi
 This role should be limited to as few users as possible for organization setup and emergency use. For daily administrative tasks, assign users the [organization admin role](/docs/platform/concepts/permissions) instead. Aiven also highly recommends enabling [two-factor authentication](/docs/platform/howto/user-2fa) for super admin.
 :::
 
+Only super admin can grant or revoke super admin privileges for other users. Super admin
+are also the only users that can delete an organization.
+
 To make a user a super admin:
 
 1.  In the organization, click **Admin**.