diff --git a/keda/templates/manager/role.yaml b/keda/templates/manager/role.yaml
index 04d384c9..b3b8a284 100644
--- a/keda/templates/manager/role.yaml
+++ b/keda/templates/manager/role.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }}
+{{- if or (and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled)) (.Values.permissions.operator.restrict.secret) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -17,11 +17,13 @@ rules:
   resources:
   - secrets
   verbs:
+  {{- if and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled) }}
   - create
   - delete
-  - get
-  - list
   - patch
   - update
+  {{- end }}
   - watch
+  - get
+  - list
 {{- end -}}
diff --git a/keda/templates/manager/rolebinding.yaml b/keda/templates/manager/rolebinding.yaml
index d59542ef..b7f78259 100644
--- a/keda/templates/manager/rolebinding.yaml
+++ b/keda/templates/manager/rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }}
+{{- if or (and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled)) (.Values.permissions.operator.restrict.secret) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata: