diff --git a/docs/resources/group.md b/docs/resources/group.md index c31c380a7e..13b8b0122c 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md @@ -10,7 +10,9 @@ Manages a group within Azure Active Directory. The following API permissions are required in order to use this resource. -When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All` +When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`. + +Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. If using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` diff --git a/docs/resources/group_member.md b/docs/resources/group_member.md index e33832a927..73d6ea29c7 100644 --- a/docs/resources/group_member.md +++ b/docs/resources/group_member.md @@ -12,7 +12,9 @@ Manages a single group membership within Azure Active Directory. The following API permissions are required in order to use this resource. -When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All` +When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`. + +However, if the authenticated service principal is an owner of the group being managed, an application role is not required. When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`
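Review bot: In the `docs/resources/group.md` hunk, the new `Group.Create` sentence states the ownership precondition but not how it is satisfied for a group this resource creates: at create time the group does not exist yet, so the service principal can only be "an owner of the group being managed" if the create request itself lists it as an owner, and if it does not, every later read and update of that group will fail under `Group.Create` alone. Suggest spelling that out, e.g. "Alternatively, if the authenticated service principal is (or is configured to become) an owner of the group being managed, this resource requires only the `Group.Create` application role", and stating whether that path also covers deleting the group. Minor style point in the same hunk: the rewritten line gains a trailing period while the unchanged `assignable_to_role` line directly below still has none; either add one there too or keep both consistent.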
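Review bot: In the `docs/resources/group_member.md` hunk, "an application role is not required" is stronger than the sibling change in `group.md`, which still requires `Group.Create` under the same ownership condition; the two pages should agree on what an owning service principal needs, and this one should say which permission (if any) is needed for the provider to read the group's membership back on refresh, not only to add and remove members. Opening the new sentence with "However" also reads as contradicting the line above it rather than offering a second option; suggest "Alternatively, if the authenticated service principal is an owner of the group being managed, ..." to match the wording used in `group.md`. Same trailing-period inconsistency here: the rewritten line ends with a period while the unchanged "When authenticated with a user principal" line below it does not.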