diff --git a/charts/argo/templates/ui-cluster-role.yaml b/charts/argo/templates/ui-cluster-role.yaml
new file mode 100644
index 00000000..7f87da16
--- /dev/null
+++ b/charts/argo/templates/ui-cluster-role.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.name }}-{{ .Values.uiName}}-cluster-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/exec
+  - pods/log
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflows
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/charts/argo/templates/ui-crb.yaml b/charts/argo/templates/ui-crb.yaml
new file mode 100644
index 00000000..c30420a6
--- /dev/null
+++ b/charts/argo/templates/ui-crb.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.name }}-{{ .Values.uiName}}-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.name }}-{{ .Values.uiName}}-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.uiServiceAccount }}
+  namespace: {{ .Release.Name }}