diff --git a/docs/apps/rbac/for_app_developers.md b/docs/apps/rbac/for_app_developers.md index 3f1f190c5..70e058b35 100644 --- a/docs/apps/rbac/for_app_developers.md +++ b/docs/apps/rbac/for_app_developers.md @@ -279,3 +279,10 @@ and `Team.tracked_parents` ManyToMany relationships, respectively. So if you have a team object, `team.users.add(user)` will also give that user _member permission_ to that team, where those permissions are defined by the role definition with the name "team-member". + + +### Role assignment callback + +Apps that utilize django-ansible-base may wish to add extra validation when assigning roles to actors (users or teams). + +see [Validation callback for role assignment](../../lib/validation.md) diff --git a/docs/lib/validation.md b/docs/lib/validation.md index 3dee486e1..8e1cb0497 100644 --- a/docs/lib/validation.md +++ b/docs/lib/validation.md @@ -23,4 +23,13 @@ The signature of this callback is `validate_role_assignment(self, actor, role_definition)` -This method is reponsible for raising the appropriate exception if necessary (e.g. DRF ValidationError or DRF PermissionDenied). +This method is reponsible for raising the appropriate exception if necessary, for example, + +```python +from rest_framework.exceptions import ValidationError +class MyDjangoModel: + def validate_role_assignment(self, actor, role_definition): + raise ValidationError({'detail': 'Role assignment not allowed.'}) +``` + +Note, if you want the exception to result in a HTTP 400 or 403 response, you can raise django rest framework exceptions instead of django exceptions.
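Review bot: In docs/apps/rbac/for_app_developers.md, the new "Role assignment callback" section never names the callback or says which object it is defined on, so a reader learns nothing actionable until they follow the link. Suggest naming `validate_role_assignment(self, actor, role_definition)` in the first sentence, and writing the last line as a full sentence: "See [Validation callback for role assignment](../../lib/validation.md)." The hunk also adds two blank lines before the heading; one is enough.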
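Review bot: In docs/lib/validation.md, the example `validate_role_assignment` raises `ValidationError` unconditionally and uses neither `actor` nor `role_definition`, so copied as written it refuses every role assignment. Suggest showing a condition on one of the two arguments so the example reads as validation rather than a blanket deny. The rewritten sentence also keeps the typo "reponsible" (should be "responsible"), and the removed line's mention of DRF PermissionDenied is lost: the closing note refers to an HTTP 403 response without naming the exception that produces it. Suggest naming DRF `ValidationError` for 400 and `PermissionDenied` for 403 in that note, and stating what the caller sees when a Django exception is raised instead.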