diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index a5af45d7..a1f01779 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -86,6 +86,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
 - apiGroups:
   - monitoring.coreos.com
   resources:
diff --git a/internal/controller/onepassworditem_controller.go b/internal/controller/onepassworditem_controller.go
index 69ec2aa5..57610b9b 100644
--- a/internal/controller/onepassworditem_controller.go
+++ b/internal/controller/onepassworditem_controller.go
@@ -67,6 +67,7 @@ type OnePasswordItemReconciler struct {
 //+kubebuilder:rbac:groups=apps,resourceNames=onepassword-connect-operator,resources=deployments/finalizers,verbs=update
 //+kubebuilder:rbac:groups=onepassword.com,resources=*,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create
+//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.