diff --git a/config/base/tekton_scheduler_role.yaml b/config/base/tekton_scheduler_role.yaml
index d6c1410291..f543ab989f 100644
--- a/config/base/tekton_scheduler_role.yaml
+++ b/config/base/tekton_scheduler_role.yaml
@@ -21,18 +21,43 @@ rules:
       - kueue.x-k8s.io
     resources:
       - resourceflavors
-      - workloads
-      - workloads/finalizers
-      - workloads/status
       - workloadpriorityclasses
     verbs:
       - get
       - list
+      - watch
+  - apiGroups:
+      - kueue.x-k8s.io
+    resources:
+      - workloadpriorityclasses
+    verbs:
+      - create
+  - apiGroups:
+      - kueue.x-k8s.io
+    resources:
+      - workloads
+    verbs:
       - create
-      - update
       - delete
+      - get
+      - list
       - patch
+      - update
       - watch
+  - apiGroups:
+      - kueue.x-k8s.io
+    resources:
+      - workloads/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - kueue.x-k8s.io
+    resources:
+      - workloads/status
+    verbs:
+      - get
+      - patch
+      - update
   - apiGroups:
       - scheduling.k8s.io
     resources:
@@ -49,8 +74,6 @@ rules:
     verbs:
       - get
       - create
-      - update
-      - list
   - nonResourceURLs:
       - /metrics
     verbs:
diff --git a/config/base/tekton_scheduler_role_binding.yaml b/config/base/tekton_scheduler_role_binding.yaml
index 6a89e8603c..4a2043c36b 100644
--- a/config/base/tekton_scheduler_role_binding.yaml
+++ b/config/base/tekton_scheduler_role_binding.yaml
@@ -17,9 +17,9 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: tekton-scheduler-rolebinding
 subjects:
-  - kind: Group
-    apiGroup: rbac.authorization.k8s.io
-    name: 'system:authenticated'
+  - kind: ServiceAccount
+    name: tekton-operator
+    namespace: tekton-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole