diff --git a/deployments/kai-scheduler/templates/rbac/operator.yaml b/deployments/kai-scheduler/templates/rbac/operator.yaml
index 51a867533..0bd89faee 100644
--- a/deployments/kai-scheduler/templates/rbac/operator.yaml
+++ b/deployments/kai-scheduler/templates/rbac/operator.yaml
@@ -43,24 +43,42 @@ rules:
   - validatingwebhookconfigurations
   verbs:
   - create
-  - delete
   - get
   - list
+  - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resourceNames:
+  - kai-podgroup-validation-v2alpha2
+  - kai-queue-validation-v2
+  - mutating-kai-admission
+  - validating-kai-admission
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - delete
   - patch
   - update
-  - watch
 - apiGroups:
   - apiextensions.k8s.io
   resources:
   - customresourcedefinitions
   verbs:
   - create
-  - delete
   - get
   - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resourceNames:
+  - queues.scheduling.run.ai
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - delete
   - patch
   - update
-  - watch
 - apiGroups:
   - apps
   resources:
diff --git a/pkg/operator/controller/config_controller.go b/pkg/operator/controller/config_controller.go
index 7b04f9b7e..314047fd2 100644
--- a/pkg/operator/controller/config_controller.go
+++ b/pkg/operator/controller/config_controller.go
@@ -75,9 +75,10 @@ func (r *ConfigReconciler) SetOperands(ops []operands.Operand) {
 // +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=services;secrets;serviceaccounts;configmaps;persistentvolumeclaims;pods;endpoints,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations;validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations;validatingwebhookconfigurations,resourceNames=kai-podgroup-validation-v2alpha2;kai-queue-validation-v2;mutating-kai-admission;validating-kai-admission,verbs=delete;update;patch
+// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations;validatingwebhookconfigurations,verbs=get;list;watch;create
+// +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,resourceNames=queues.scheduling.run.ai,verbs=delete;update;patch
+// +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;create
 // +kubebuilder:rbac:groups="nvidia.com",resources=clusterpolicies,verbs=get;list;watch
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheuses;servicemonitors,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="scheduling.run.ai",resources=queues,verbs=get;list;watch