diff --git a/docs/platform/concepts/permissions.md b/docs/platform/concepts/permissions.md
index 81950a284..7939e8496 100644
--- a/docs/platform/concepts/permissions.md
+++ b/docs/platform/concepts/permissions.md
@@ -20,20 +20,20 @@ Permissions are not yet fully supported in the Aiven Console. They are intended
 use with the Aiven API, Aiven Provider for Terraform, and Aiven Operator for Kubernetes.
 :::
 
-## Organization roles
+## Organization roles and permissions
 
-You can grant the following roles to principals at the organization level. The permissions
-for each role apply to the organization and all units, projects, and services within it.
+You can grant the following roles and permissions to principals at the organization level.
+Roles and permissions at this level apply to the organization and all units, projects,
+and services within it.
+
+### Organization roles
 
 |    Console name     |          API name          |                                                                                                                                                                                                                                           Permissions                                                                                                                                                                                                                                           |
 | ------------------- | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | Admin               | `role:organization:admin`  | <ul> <li> Full access to the organization. </li> <li> View and change billing information. </li> <li> Change the authentication policy. </li> <li> Invite, deactivate, and remove organization users. </li> <li> Create, edit, and delete groups. </li> <li> Create and delete application users and their tokens. </li> <li> Add and remove domains. </li> <li> Add, enable, disable, and remove identity providers. </li> </ul>                                                               |
 | Organization member | `role:organization:member` | Non-managed users can: <ul> <li> Edit their profiles. </li> <li> Create organizations. </li> <li> Leave organizations. </li> <li> Add [allowed authentication methods](/docs/platform/howto/set-authentication-policies). </li> <li> Generate and revoke personal tokens, if allowed by the [authentication policy](/docs/platform/howto/set-authentication-policies). </li> <li> Enable and disable feature previews. </li> </ul> This is the default role assigned to all organization users. |
 
-## Organization permissions
-
-You can grant the following permissions to principals. The actions listed for each
-permission apply to the organization and all units, projects, and services within it.
+### Organization permissions
 
 |          Console name           |             API name             |                                                                                                                                 Allowed actions                                                                                                                                 |
 | ------------------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -52,10 +52,11 @@ permission apply to the organization and all units, projects, and services withi
 | Manage projects                 | `organization:projects:write`    | <ul> <li> Create and delete projects. </li> <li> Change the billing group the project is assigned to. </li> <li> Move a project to another organization or unit. </li> <li> Add and remove project tags. </li> </ul> No access to other project settings or services. |
 
 
-## Project roles
+## Project roles and permissions
+You can grant the following permissions to principals. Roles and permissions granted at
+this level apply to the project and all services within it.
 
-You can grant the following roles for projects to principals. The permissions for each
-role apply to the project and all services within it.
+### Project roles
 
 | Console name |  API name   |                                                                                                                                                       Permissions                                                                                                                                                       |
 | ------------ | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -67,10 +68,7 @@ role apply to the project and all services within it.
 Project admin do not have access to organization settings such as billing unless
 they are also a [super admin](/docs/platform/howto/make-super-admin).
 
-## Project and service permissions
-
-You can grant the following permissions to principals. The actions listed for each
-permission apply to the project and all services within it.
+### Project permissions
 
 |       Console name        |          API name           |                                          Allowed actions                                          |
 | ------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------- |
