diff --git a/Makefile b/Makefile
index 51db0101..36daea16 100644
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,8 @@ CRD_SRC := $(shell find $(CRD_SRC_DIR) -type f -name "*.go")
 CRD_GEN_DIR := $(PROJECT_DIR)/chart/crds
 CRD_GEN := $(shell find $(CRD_GEN_DIR) -type f -name "*.yaml")
 
+RBAC_GEN_DIR := $(PROJECT_DIR)/chart/rbac
+
 .PHONY: default
 default: build add-license fix-imports test
 
@@ -144,8 +146,9 @@ $(PROTOBUF_GEN): $(PROTOBUF_API_SRC) $(PROTOC) $(PROTOC_GEN_GO) $(PROTOC_GEN_GRP
 	@$(GOIMPORTS) -local "github.com/openshift-service-mesh/federation" -w $(API_GEN_DIR)/
 
 $(CRD_GEN): $(CRD_SRC) $(CONTROLLER_GEN) ## Generates Kubernetes CRDs, controller-runtime artifacts and related manifests.
-	$(CONTROLLER_GEN) paths="$(CRD_SRC_DIR)/..." \
+	$(CONTROLLER_GEN) paths="./..." \
 		crd output:crd:artifacts:config="$(CRD_GEN_DIR)" \
+		rbac:roleName=manager-role output:rbac:artifacts:config="$(RBAC_GEN_DIR)"  \
 		object:headerFile="$(LICENSE_FILE)"
 
 .PHONY: fix-imports
diff --git a/chart/rbac/role.yaml b/chart/rbac/role.yaml
new file mode 100644
index 00000000..601e9aa6
--- /dev/null
+++ b/chart/rbac/role.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manager-role
+rules:
+- apiGroups:
+  - federation.openshift-service-mesh.io
+  resources:
+  - federatedservices
+  - meshfederations
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - federation.openshift-service-mesh.io
+  resources:
+  - federatedservices/finalizers
+  - meshfederations/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - federation.openshift-service-mesh.io
+  resources:
+  - federatedservices/status
+  - meshfederations/status
+  verbs:
+  - get
+  - patch
+  - update