diff --git a/docs/pages/access-controls/guides/moderated-sessions.mdx b/docs/pages/access-controls/guides/moderated-sessions.mdx
index 1c2a621044164..442b1d2ced0a8 100644
--- a/docs/pages/access-controls/guides/moderated-sessions.mdx
+++ b/docs/pages/access-controls/guides/moderated-sessions.mdx
@@ -148,6 +148,13 @@ spec:
         modes: ['moderator', 'observer']
 ```
 
+Users who are assigned a role with a `join_sessions` allow policy are
+implicitly allowed to list the sessions that the policy gives them permission 
+to join. If there's a `deny` rule that prevents listing sessions, the 
+`join_sessions` policy overrides the `deny` rule for the sessions the 
+policy allows the user to join. Outside of this exception for joining 
+sessions, `deny` statements take precedent. 
+
 #### Joining sessions example
 
 Here is an example of Jeff with role `prod-access` connecting to