Note credential parameter shadowing
jvz committed Jul 31, 2019
1 parent fd9721c commit 856f331
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion docs/user.adoc
Expand Up @@ -1521,7 +1521,7 @@ The list of available credentials will depend on a number of factors:

[WARNING]
====
Credentials parameters can only access the per-user credentials store of the job that was explicitly triggered by the user.
Credentials parameters can only access user credentials if the corresponding user is the one who chooses them during a build.
Downstream jobs will be passed the credentials ID but will not be passed access to the user's per-user credentials store.
This restriction is to prevent a malicious actor adding a hidden job as a downstream job and thereby gaining access to the per-user credentials store.
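Review bot: The replacement first sentence of the WARNING block says the user "chooses them during a build", but a parameter value is selected when the build is triggered, and the removed wording "the job that was explicitly triggered by the user" is what the following sentence about downstream jobs builds on. Consider something like "Credentials parameters can only access user credentials when the user who owns them triggers the build and selects them", so that the downstream-job restriction still reads as a consequence of this sentence rather than a separate rule.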
Expand All @@ -1530,6 +1530,13 @@ This restriction is to prevent a malicious actor adding a hidden job as a downst
The credentials parameter value will be the ID of the selected credentials.
Use the link:https://plugins.jenkins.io/credentials-binding[Credentials Binding] plugin if you need to get access to the secrets of a credentials instance, for example to use a password for authenticating a request to a third party system.

[INFO]
====
The credentials parameter name becomes a pseudo credentials ID when credentials are resolved during a build.
This allows for existing jobs and pipelines that use global or folder credentials to be easily updated to use user credentials by simply adding a credentials parameter to a build with a name matching the existing credentials ID.
The existing global or folder credentials can be used as default values or removed entirely after this migration.
====

==== Configuration as code (aka jcasc)
This plugin supports the https://github.com/jenkinsci/configuration-as-code-plugin[configuration-code-plugin] to manage credentials through yaml
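Review bot: The added block never states which credentials are resolved when the parameter name equals the ID of existing global or folder credentials. The commit title calls this shadowing, and the text only implies it through "pseudo credentials ID" and "can be used as default values or removed entirely", so please state the precedence outright, since anyone auditing a job needs to know that adding a parameter with a matching name changes which secret a build uses. Separately, `[INFO]` is not an AsciiDoc admonition label (the built-in ones are NOTE, TIP, IMPORTANT, WARNING and CAUTION), so `[NOTE]` would match the `[WARNING]` block earlier in this section.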
