diff --git a/assets/state-cc-manager/0200_role.yaml b/assets/state-cc-manager/0200_role.yaml
index 795b9c234..0afa4f919 100644
--- a/assets/state-cc-manager/0200_role.yaml
+++ b/assets/state-cc-manager/0200_role.yaml
@@ -12,3 +12,11 @@ rules:
 - use
 resourceNames:
 - privileged
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/assets/state-cc-manager/0210_clusterrole.yaml b/assets/state-cc-manager/0210_clusterrole.yaml
index 6ee96a97c..f6c2b3e88 100644
--- a/assets/state-cc-manager/0210_clusterrole.yaml
+++ b/assets/state-cc-manager/0210_clusterrole.yaml
@@ -7,7 +7,6 @@ rules:
 - ""
 resources:
 - nodes
- - pods
 verbs:
 - get
 - list
diff --git a/assets/state-vgpu-device-manager/0200_role.yaml b/assets/state-vgpu-device-manager/0200_role.yaml
new file mode 100644
index 000000000..9b420d6f4
--- /dev/null
+++ b/assets/state-vgpu-device-manager/0200_role.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: nvidia-vgpu-device-manager
+ namespace: "FILLED BY THE OPERATOR"
+rules:
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ resourceNames:
+ - privileged
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/assets/state-vgpu-device-manager/0210_clusterrole.yaml b/assets/state-vgpu-device-manager/0210_clusterrole.yaml
index e3998da32..3d61f324b 100644
--- a/assets/state-vgpu-device-manager/0210_clusterrole.yaml
+++ b/assets/state-vgpu-device-manager/0210_clusterrole.yaml
@@ -14,8 +14,6 @@ rules:
 - ""
 resources:
 - nodes
- - pods
- - pods/eviction
 verbs:
 - get
 - list
diff --git a/assets/state-vgpu-device-manager/0300_rolebinding.yaml b/assets/state-vgpu-device-manager/0300_rolebinding.yaml
new file mode 100644
index 000000000..f50115a08
--- /dev/null
+++ b/assets/state-vgpu-device-manager/0300_rolebinding.yaml
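Review bot: The pods rule added to assets/state-cc-manager/0200_role.yaml authorizes get/list/watch only inside the operator namespace, so any pod list or watch the cc-manager issues across all namespaces will be denied once the ClusterRole entry is gone. The manager's client code is not part of this diff, so its informer or list call should be confirmed as namespace-scoped before merging; the same applies to the new Role in assets/state-vgpu-device-manager/0200_role.yaml. A comment above the rule would record the intent, for example `# pods: read-only, limited to the operator namespace (moved from the ClusterRole)`. The rules list starts outside this hunk.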
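Review bot: The new Role in assets/state-vgpu-device-manager/0200_role.yaml carries pods get/list/watch but not the `pods/eviction` resource that the ClusterRole hunk for the same component removes, so the eviction permission is dropped rather than moved. If the device manager still evicts pods through the eviction subresource, those calls will be rejected; if it no longer does, a comment in the Role should say the omission is deliberate. The `use` grant on the `privileged` SCC also needs a check: the ClusterRole lines above its hunk are not visible, and if the same rule remains there, the cluster-wide copy should be removed so the grant exists only in this namespace.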
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: nvidia-vgpu-device-manager
+ namespace: "FILLED BY THE OPERATOR"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: nvidia-vgpu-device-manager
+subjects:
+- kind: ServiceAccount
+ name: nvidia-vgpu-device-manager
+ namespace: "FILLED BY THE OPERATOR"
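Review bot: `namespace: "FILLED BY THE OPERATOR"` appears twice in this RoleBinding, under `metadata` and under `subjects[0]`, and the binding only takes effect if the operator rewrites both. The code that substitutes the placeholder is not part of this diff, so it should be confirmed that it sets the subject namespace as well as the object namespace for this new asset. It is also worth checking that the vgpu-device-manager state actually loads and applies the new 0200_role.yaml and 0300_rolebinding.yaml files. If either step is missing, the ServiceAccount loses the pod read access that the ClusterRole no longer grants.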