diff --git a/chart/templates/gotk/rbac.yaml b/chart/templates/gotk/rbac.yaml
index 0c939890..5af2f6ad 100644
--- a/chart/templates/gotk/rbac.yaml
+++ b/chart/templates/gotk/rbac.yaml
@@ -261,8 +261,17 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: cluster-admin
+ name: {{ .Values.gotk.rbac.adminClusterRole.name }}
 subjects:
 - kind: ServiceAccount
 name: fluxcd
 namespace: "{{ .Release.Namespace }}"
+{{ if .Values.gotk.rbac.adminClusterRole.rules }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.gotk.rbac.adminClusterRole.name }}
+rules:
+{{ .Values.gotk.rbac.adminClusterRole.rules | toYaml }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/kraan/rbac.yaml b/chart/templates/kraan/rbac.yaml
index 6188d53a..192fed5e 100644
--- a/chart/templates/kraan/rbac.yaml
+++ b/chart/templates/kraan/rbac.yaml
@@ -156,9 +156,18 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: cluster-admin
+ name: {{ .Values.kraan.rbac.adminClusterRole.name }}
 subjects:
 - kind: ServiceAccount
 name: kraan
 namespace: {{.Release.Namespace}}
+{{ if .Values.kraan.rbac.adminClusterRole.rules }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.kraan.rbac.adminClusterRole.name }}
+rules:
+{{ .Values.kraan.rbac.adminClusterRole.rules | toYaml }}
+{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/values.yaml b/chart/values.yaml
index a114b245..4ba182d5 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -16,6 +16,12 @@ kraan:
 enabled: true
 rbac:
 enabled: true
+ adminClusterRole:
+ # admin ClusterRole to be used by the controller, default is cluster-admin
+ name: "cluster-admin"
+ # specify rules to create a ClusterRole
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
+ # rules: []
 netpolicy:
 enabled: true
 kraanController:
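Review bot: In chart/templates/gotk/rbac.yaml the new ClusterRole is rendered whenever `adminClusterRole.rules` is set, but it takes its name from `adminClusterRole.name`, whose default in values.yaml is `cluster-admin`. A user who supplies rules without also changing the name gets a rendered ClusterRole called `cluster-admin`, which collides with the built-in role; depending on how the release is applied, this presumably either fails the install or risks overwriting the built-in role's rules. I would add a guard inside the `if`, e.g. `{{- if eq .Values.gotk.rbac.adminClusterRole.name "cluster-admin" }}{{ fail "adminClusterRole.rules requires a name other than cluster-admin" }}{{- end }}`, and render the name as `{{ .Values.gotk.rbac.adminClusterRole.name | quote }}` in both places so an empty or boolean-looking value cannot yield an invalid `roleRef`. The matching hunk in chart/templates/kraan/rbac.yaml has the same gap; both templates begin outside their hunks.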
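Review bot: In chart/templates/kraan/rbac.yaml the added ClusterRole is named only by `kraan.rbac.adminClusterRole.name`, and the gotk template does the same with its own value, so nothing stops both from being given the same custom name with `rules` set on each. The chart would then render two cluster-scoped ClusterRole documents with one name, and which rule set ends up bound to both service accounts is not obvious from the template. I would either document that the two names must differ when both carry rules, or fail the render when they match, e.g. `{{- if and .Values.gotk.rbac.adminClusterRole.rules (eq .Values.kraan.rbac.adminClusterRole.name .Values.gotk.rbac.adminClusterRole.name) }}{{ fail "kraan and gotk adminClusterRole names must differ when both define rules" }}{{- end }}`.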
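Review bot: The comment above `name` in the chart/values.yaml `kraan.rbac` hunk leaves out two things an operator needs before changing it. When `rules` is left unset no ClusterRole is created, so the named role must already exist in the cluster. Also, `roleRef` on an existing ClusterRoleBinding is immutable, so changing `name` on an installed release will be rejected until the binding is deleted and recreated. I would extend the comment to something like `# must already exist unless rules is set; roleRef is immutable, so changing this on an installed release requires recreating the ClusterRoleBinding`. Since the default keeps the controller bound to cluster-admin, one more line pointing at `rules` as the way to narrow that grant would help; the later gotk hunk in this file carries the same comment.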
@@ -79,6 +85,12 @@ kraan:
 gotk:
 rbac:
 enabled: true
+ adminClusterRole:
+ # admin ClusterRole to be used by the controller, default is cluster-admin
+ name: "cluster-admin"
+ # specify rules to create a ClusterRole
+ # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
+ # rules: []
 netpolicy:
 enabled: true