diff --git a/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml b/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml
new file mode 100644
index 000000000..f121a4fda
--- /dev/null
+++ b/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml
@@ -0,0 +1,25 @@
+{{ if .Values.rbac.install }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  name: secretproviderclasses-admin-role
+rules:
+- apiGroups:
+  - secrets-store.csi.x-k8s.io
+  resources:
+  - secretproviderclasses
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+{{ end }}
diff --git a/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml b/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml
new file mode 100644
index 000000000..23c54103c
--- /dev/null
+++ b/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml
@@ -0,0 +1,20 @@
+{{ if .Values.rbac.install }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: secretproviderclasses-viewer-role
+rules:
+- apiGroups:
+  - secrets-store.csi.x-k8s.io
+  resources:
+  - secretproviderclasses
+  verbs:
+  - get
+  - list
+  - watch
+{{ end }}
diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml
new file mode 100644
index 000000000..f121a4fda
--- /dev/null
+++ b/manifest_staging/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml
@@ -0,0 +1,25 @@
+{{ if .Values.rbac.install }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  name: secretproviderclasses-admin-role
+rules:
+- apiGroups:
+  - secrets-store.csi.x-k8s.io
+  resources:
+  - secretproviderclasses
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+{{ end }}
diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml
new file mode 100644
index 000000000..23c54103c
--- /dev/null
+++ b/manifest_staging/charts/secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml
@@ -0,0 +1,20 @@
+{{ if .Values.rbac.install }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: secretproviderclasses-viewer-role
+rules:
+- apiGroups:
+  - secrets-store.csi.x-k8s.io
+  resources:
+  - secretproviderclasses
+  verbs:
+  - get
+  - list
+  - watch
+{{ end }}