diff --git a/helm/templates/flink/deploy.yaml b/helm/templates/flink/deploy.yaml
index 206adfd..f67c885 100644
--- a/helm/templates/flink/deploy.yaml
+++ b/helm/templates/flink/deploy.yaml
@@ -18,6 +18,8 @@ spec:
 app.kubernetes.io/name: {{ .Release.Name }}-flink # Adding the flink prefix to the template labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
+ serviceAccountName: {{ include "flink-kube-operator.serviceAccountName" . }}
+
 containers:
 - name: flink
 image: {{ .Values.flink.image.repository }}:{{ .Values.flink.image.tag }}
diff --git a/helm/templates/operator/role.yaml b/helm/templates/operator/role.yaml
new file mode 100644
index 0000000..78ea39d
--- /dev/null
+++ b/helm/templates/operator/role.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "flink-kube-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }} # Namespace where the role is created
+ labels:
+ {{- include "flink-kube-operator.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - flink.logicamp.tech # API group of the FlinkJob CRD
+ resources:
+ - flink-jobs # The plural name of your custom resource
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "flink-kube-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }} # Namespace where the RoleBinding is created
+ labels:
+ {{- include "flink-kube-operator.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "flink-kube-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }} # Ensure that the service account is in the same namespace
+roleRef:
+ kind: Role
+ name: {{ include "flink-kube-operator.serviceAccountName" . }}
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
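Review bot: In helm/templates/flink/deploy.yaml the Flink pod is assigned the operator's own service account (`flink-kube-operator.serviceAccountName`), so every container in that pod, including whatever job code Flink runs, gets a mounted token carrying the create/update/delete/patch rights on `flink-jobs` that role.yaml binds to that account. If Flink itself does not need to call the Kubernetes API (not visible from this hunk), give the workload a dedicated service account with no bindings, or set `automountServiceAccountToken: false` in this pod spec. If sharing the identity is intentional, a comment above `serviceAccountName:` saying which API calls the Flink pod makes would make that reviewable. The pod spec continues outside the hunk.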
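Review bot: The verb list in helm/templates/operator/role.yaml looks wider than a reconciler normally needs: `create` and `delete` on `flink-jobs` let the bound account make and remove FlinkJob objects, not only watch and update them. If the operator only reconciles resources that users create (an assumption; the controller code is not on this page), drop those two verbs and put a comment above `verbs:` stating which code path needs each remaining one. If the CRD enables the status subresource, `update` on `flink-jobs` does not cover it, and a `- flink-jobs/status` entry under `resources:` would be required for status writes to succeed.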