diff --git a/Tiltfile b/Tiltfile
index b947fa60d..c8dbc6913 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -21,6 +21,23 @@ namespace_create('kubewarden')
 # Install CRDs
 crd = kustomize('config/crd')
 k8s_yaml(crd)
 
+roles = decode_yaml_stream(kustomize('config/rbac'))
+cluster_rules = []
+namespace_rules = []
+roles_rules_mapping = {
+    "ClusterRole": {},
+    "Role": {},
+}
+
+for role in roles:
+    if role.get('kind') == 'ClusterRole':
+        roles_rules_mapping["ClusterRole"][role.get('metadata').get('name')] = role.get('rules')
+    elif role.get('kind') == 'Role':
+        roles_rules_mapping["Role"][role.get('metadata').get('name')] = role.get('rules')
+
+if len(roles_rules_mapping["ClusterRole"]) == 0 or len(roles_rules_mapping["Role"]) == 0:
+    fail("Failed to load cluster and namespace roles")
+
 # Install kubewarden-controller helm chart
 install = helm(
@@ -38,7 +55,16 @@ for o in objects:
         o['spec']['template']['spec']['securityContext']['runAsNonRoot'] = False
         # Disable the leader election to speed up the startup time.
         o['spec']['template']['spec']['containers'][0]['args'].remove('--leader-elect')
-        break
+
+    # Update the cluster and namespace roles used by the controller. This ensures
+    # that always we have the latest roles applied to the cluster.
+    if o.get('kind') == 'ClusterRole' and o.get('metadata').get('name') == 'kubewarden-controller-manager-cluster-role':
+        o['rules'] = roles_rules_mapping["ClusterRole"]["manager-role"]
+    if o.get('kind') == 'Role' and o.get('metadata').get('name') == 'kubewarden-controller-manager-namespaced-role':
+        o['rules'] = roles_rules_mapping["Role"]["manager-role"]
+    if o.get('kind') == 'Role' and o.get('metadata').get('name') == 'kubewarden-controller-leader-election-role':
+        o['rules'] = roles_rules_mapping["Role"]["leader-election-role"]
+
 
 updated_install = encode_yaml_stream(objects)
 k8s_yaml(updated_install)
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index a4ffc5a83..047a13f10 100644
--- a/config/rbac/role.yaml
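Review bot: The guard `if len(roles_rules_mapping["ClusterRole"]) == 0 or len(roles_rules_mapping["Role"]) == 0:` only proves that at least one role of each kind was decoded, while the second hunk indexes three specific entries (`["ClusterRole"]["manager-role"]`, `["Role"]["manager-role"]`, `["Role"]["leader-election-role"]`), so a renamed or missing kustomize role passes this check and fails later with an opaque key error instead of the intended message. Checking the exact names up front, `if "manager-role" not in roles_rules_mapping["ClusterRole"] or "manager-role" not in roles_rules_mapping["Role"] or "leader-election-role" not in roles_rules_mapping["Role"]:` before the `fail(...)`, makes the precondition the later code relies on explicit, and the message could then name the missing role. `cluster_rules = []` and `namespace_rules = []` are never read in either hunk and can be dropped.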
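Review bot: The three `if` blocks assign `o['rules']` wholesale, so whatever rules the Helm chart ships for these three objects are replaced rather than merged with the kustomize output, and the comment should state that, since for a dev-cluster RBAC override it is the fact a reader needs; the current wording (`that always we have the latest roles applied`) is also garbled. Suggested replacement for the two comment lines: `# Replace (not merge) the chart's ClusterRole/Role rules with the ones generated from config/rbac, so the dev cluster always runs the RBAC rules that match the controller source.` Because `kind` and `name` are mutually exclusive per object, `elif` on the second and third checks would read as the dispatch it is. The enclosing `for o in objects:` loop and the Deployment branch the removed `break` belonged to start before the hunk; with the `break` gone every object is visited, which the role objects need, but it also means every matching Deployment (if the chart ships more than one) now gets the earlier patch, so a one-line comment on that is worthwhile.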
+++ b/config/rbac/role.yaml
@@ -119,15 +119,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  - replicasets
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
   - apps
   resources:
diff --git a/controllers/admissionpolicy_controller.go b/controllers/admissionpolicy_controller.go
index 88ee9413d..fe4685ef8 100644
--- a/controllers/admissionpolicy_controller.go
+++ b/controllers/admissionpolicy_controller.go
@@ -46,11 +46,8 @@ import (
 //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=admissionpolicies/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=admissionpolicies/finalizers,verbs=update
 //
-// We need access to these resources only inside of the namespace where the
-// controller is deployed. Here we assume it's being deployed inside of the
-// `kubewarden` namespace, this has to be parametrized in the helm chart
-//+kubebuilder:rbac:namespace=kubewarden,groups=core,resources=pods,verbs=get;list;watch
-//+kubebuilder:rbac:namespace=kubewarden,groups=apps,resources=replicasets;deployments,verbs=get;list;watch
+// Some RBAC rules needed to access some resources used here are defined in the
+// policyserver_controller.go file.
 
 // AdmissionPolicyReconciler reconciles an AdmissionPolicy object
 type AdmissionPolicyReconciler struct {
diff --git a/controllers/clusteradmissionpolicy_controller.go b/controllers/clusteradmissionpolicy_controller.go
index cf5d4c739..6fcc01942 100644
--- a/controllers/clusteradmissionpolicy_controller.go
+++ b/controllers/clusteradmissionpolicy_controller.go
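Review bot: The replacement comment `// Some RBAC rules needed to access some resources used here are defined in the policyserver_controller.go file.` is too vague to audit: the markers it replaces granted get/list/watch on pods and on apps deployments/replicasets, and a reader of the generated role.yaml can no longer tell from this file which of those this reconciler presumably still depends on. Naming them, e.g. `// The pods, deployments and replicasets RBAC markers this reconciler relies on are declared in policyserver_controller.go.`, keeps the permission-to-code link visible and flags the drift risk that if policyserver_controller.go later narrows its markers this reconciler only fails at runtime with a forbidden error. The same comment is added in clusteradmissionpolicy_controller.go, where the hunk also removes the `//` separator and adds a blank line while this hunk keeps the `//` — use one layout in both files.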
@@ -45,12 +45,9 @@ import (
 //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies,verbs=get;list;watch;delete
 //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies/finalizers,verbs=update
-//
-// We need access to these resources only inside of the namespace where the
-// controller is deployed. Here we assume it's being deployed inside of the
-// `kubewarden` namespace, this has to be parametrized in the helm chart
-//+kubebuilder:rbac:namespace=kubewarden,groups=core,resources=pods,verbs=get;list;watch
-//+kubebuilder:rbac:namespace=kubewarden,groups=apps,resources=replicasets;deployments,verbs=get;list;watch
+
+// Some RBAC rules needed to access some resources used here are defined in the
+// policyserver_controller.go file.
 
 // ClusterAdmissionPolicyReconciler reconciles a ClusterAdmissionPolicy object
 type ClusterAdmissionPolicyReconciler struct {