diff --git a/controllers/storagecluster/provider_server.go b/controllers/storagecluster/provider_server.go
index f405a5d3b0..cd38b03eec 100644
--- a/controllers/storagecluster/provider_server.go
+++ b/controllers/storagecluster/provider_server.go
@@ -448,12 +448,14 @@ func RandomString(l int) string {
 
 func getOnboardingJobObject(instance *ocsv1.StorageCluster) *batchv1.Job {
 
+	ptrToZero := int32(0)
 	return &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      onboardingJobName,
 			Namespace: instance.Namespace,
 		},
 		Spec: batchv1.JobSpec{
+			TTLSecondsAfterFinished: &ptrToZero, //Eligible to delete automatically when job completes
 			Template: corev1.PodTemplateSpec{
 				Spec: corev1.PodSpec{
 					RestartPolicy:      corev1.RestartPolicyOnFailure,
diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
index 06d5bf47b0..2a0b8327e4 100644
--- a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
+++ b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
@@ -3311,7 +3311,7 @@ spec:
                 - -tls-key=/etc/tls/private/tls.key
                 - -cookie-secret-file=/etc/proxy/secrets/session_secret
                 - -openshift-service-account=ux-backend-server
-                - -openshift-delegate-urls={"/":{"resource":"StorageCluster","namespace":"openshift-storage","verb":"create"}}
+                - -openshift-delegate-urls={"/":{"group":"ocs.openshift.io","resource":"storageclusters","namespace":"openshift-storage","verb":"create"}}
                 - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
                 image: quay.io/openshift/origin-oauth-proxy:latest
                 imagePullPolicy: IfNotPresent
diff --git a/deploy/ocs-operator/manifests/onboarding-secret-generator-role.yaml b/deploy/ocs-operator/manifests/onboarding-secret-generator-role.yaml
index cae160c88c..ff1e477f7d 100644
--- a/deploy/ocs-operator/manifests/onboarding-secret-generator-role.yaml
+++ b/deploy/ocs-operator/manifests/onboarding-secret-generator-role.yaml
@@ -11,3 +11,4 @@ rules:
   - get
   - list
   - create
+  - delete
diff --git a/onboarding/main.go b/onboarding/main.go
index 170feb4e46..a4926344d5 100644
--- a/onboarding/main.go
+++ b/onboarding/main.go
@@ -70,6 +70,8 @@ func main() {
 			},
 		}
 
+		clientset.CoreV1().Secrets(operatorNamespace).Delete(context.Background(), onboardingPrivateKeySecretName, metav1.DeleteOptions{})
+
 		_, err = clientset.CoreV1().Secrets(operatorNamespace).Create(context.Background(), privateSecret, metav1.CreateOptions{})
 
 		if err != nil {
diff --git a/rbac/onboarding-secret-generator-role.yaml b/rbac/onboarding-secret-generator-role.yaml
index cae160c88c..ff1e477f7d 100644
--- a/rbac/onboarding-secret-generator-role.yaml
+++ b/rbac/onboarding-secret-generator-role.yaml
@@ -11,3 +11,4 @@ rules:
   - get
   - list
   - create
+  - delete
diff --git a/tools/csv-merger/csv-merger.go b/tools/csv-merger/csv-merger.go
index 729fff54ba..1568dbb5c7 100644
--- a/tools/csv-merger/csv-merger.go
+++ b/tools/csv-merger/csv-merger.go
@@ -1004,8 +1004,9 @@ func getUXBackendServerDeployment() appsv1.DeploymentSpec {
 							"-tls-key=/etc/tls/private/tls.key",
 							"-cookie-secret-file=/etc/proxy/secrets/session_secret",
 							"-openshift-service-account=ux-backend-server",
-							`-openshift-delegate-urls={"/":{"resource":"StorageCluster","namespace":"openshift-storage","verb":"create"}}`,
-							"-openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},
+							`-openshift-delegate-urls={"/":{"group":"ocs.openshift.io","resource":"storageclusters","namespace":"openshift-storage","verb":"create"}}`,
+							"-openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+						},
 						Ports: []corev1.ContainerPort{
 							{
 								ContainerPort: 8888,