diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
index a0bd5daa..756e1f0f 100644
--- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
@@ -130,6 +130,7 @@ rules:
   - patch
   - delete
 
+{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -145,3 +146,4 @@ rules:
   - get
   - list
   - watch
+{{- end }}
diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
index a198ca11..1235e325 100644
--- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
@@ -32,6 +32,7 @@ subjects:
 {{- end }}
 {{- end }}
 
+{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -47,3 +48,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "argo-workflows.controllerServiceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml
index 5901bbd1..6403bf96 100644
--- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml
@@ -111,6 +111,8 @@ rules:
     - update
     - patch
     - delete
+
+{{- if .Values.server.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -134,3 +136,4 @@ rules:
   - delete
   {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml
index fd9450d5..16d55902 100644
--- a/charts/argo-workflows/templates/server/server-crb.yaml
+++ b/charts/argo-workflows/templates/server/server-crb.yaml
@@ -21,6 +21,8 @@ subjects:
 - kind: ServiceAccount
   name: {{ template "argo-workflows.serverServiceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+
+{{- if .Values.server.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -37,3 +39,4 @@ subjects:
   name: {{ template "argo-workflows.serverServiceAccountName" . }}
   namespace: {{ .Release.Namespace }}
 {{- end -}}
+{{- end -}}
diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml
index 375c5eb1..d2899516 100644
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@@ -143,6 +143,9 @@ controller:
   priorityClassName: ""
   # https://argoproj.github.io/argo-workflows/links/
   links: []
+  clusterWorkflowTemplates:
+    # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
+    enabled: true
 
 # executor controls how the init and wait container should be customized
 executor:
@@ -262,6 +265,8 @@ server:
     https: false
 
   clusterWorkflowTemplates:
+    # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
+    enabled: true
     # Give the server permissions to edit ClusterWorkflowTemplates.
     enableEditing: true
   sso: