diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 7c519e0..3db7b1c 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -8,12 +8,6 @@ rules:
   - ""
   resources:
   - configmaps
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ""
-  resources:
   - services
   verbs:
   - get
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index d0aaa77..722d2c1 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
@@ -55,7 +55,7 @@ type FirewallGroupReconciler struct {
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallgroups/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallgroups/finalizers,verbs=update
 // +kubebuilder:rbac:groups="",resources=services,verbs=list;get;watch
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/internal/controller/firewallrule_controller.go b/internal/controller/firewallrule_controller.go
index 45605ef..4f1e283 100644
--- a/internal/controller/firewallrule_controller.go
+++ b/internal/controller/firewallrule_controller.go
@@ -40,7 +40,7 @@ type FirewallRuleReconciler struct {
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallrules,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallrules/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallrules/finalizers,verbs=update
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/internal/controller/firewallzone_controller.go b/internal/controller/firewallzone_controller.go
index 626ca31..8ec3108 100644
--- a/internal/controller/firewallzone_controller.go
+++ b/internal/controller/firewallzone_controller.go
@@ -66,7 +66,7 @@ func toKubeName(input string) string {
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/finalizers,verbs=update
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/internal/controller/networkconfiguration_controller.go b/internal/controller/networkconfiguration_controller.go
index 7f7fcb3..e2b706f 100644
--- a/internal/controller/networkconfiguration_controller.go
+++ b/internal/controller/networkconfiguration_controller.go
@@ -41,7 +41,7 @@ type NetworkconfigurationReconciler struct {
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=networkconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=networkconfigurations/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=networkconfigurations/finalizers,verbs=update
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.