diff --git a/scanner/k8s-assets/chart/k8s-assets-scanner/templates/rbac.yaml b/scanner/k8s-assets/chart/k8s-assets-scanner/templates/rbac.yaml
new file mode 100644
index 00000000..677eab4a
--- /dev/null
+++ b/scanner/k8s-assets/chart/k8s-assets-scanner/templates/rbac.yaml
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# templates/rbac.yaml
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "k8s-assets-scanner.fullname" . }}
+ labels:
+ {{- include "k8s-assets-scanner.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "k8s-assets-scanner.fullname" . }}
+ labels:
+ {{- include "k8s-assets-scanner.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "k8s-assets-scanner.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "k8s-assets-scanner.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
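Review bot: The guard `{{- if .Values.serviceAccount.create -}}` trims whitespace on both sides, so the newline after `# templates/rbac.yaml` and the one before `apiVersion:` are both removed. The first document's `apiVersion` is then rendered onto the comment line, leaving the ClusterRole without one. Dropping one trim marker, as in `{{- if .Values.serviceAccount.create }}`, keeps the line break, and the `helm template` output should be checked to confirm. Separately, gating both objects on `serviceAccount.create` means that a deployment using a pre-existing service account gets no ClusterRole or binding at all; a dedicated toggle (for example a new `rbac.create` value) would separate the two decisions. A short comment above `rules:` stating why cluster-wide `get`/`list` on pods and namespaces is needed, such as `# read-only, cluster-wide: the scanner inventories pods in every namespace`, would help whoever next reviews this grant.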