diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 10024e9..c8d69b3 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -29,31 +29,6 @@ rules: - zitadel.github.com resources: - connections - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - zitadel.github.com - resources: - - connections/finalizers - verbs: - - update -- apiGroups: - - zitadel.github.com - resources: - - connections/status - verbs: - - get - - patch - - update -- apiGroups: - - zitadel.topmanage.com - resources: - machineusers - oidcapps - organizations @@ -67,8 +42,9 @@ rules: - update - watch - apiGroups: - - zitadel.topmanage.com + - zitadel.github.com resources: + - connections/finalizers - machineusers/finalizers - oidcapps/finalizers - organizations/finalizers @@ -76,8 +52,9 @@ rules: verbs: - update - apiGroups: - - zitadel.topmanage.com + - zitadel.github.com resources: + - connections/status - machineusers/status - oidcapps/status - organizations/status diff --git a/internal/controller/machineuser_controller.go b/internal/controller/machineuser_controller.go index 00ba0b2..9ab631f 100644 --- a/internal/controller/machineuser_controller.go +++ b/internal/controller/machineuser_controller.go 
@@ -48,9 +48,9 @@ func NewMachineUserReconciler(client client.Client, refResolver *zitadelv1alpha1
 }
 }
 
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers/finalizers,verbs=update
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=machineusers,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=machineusers/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=machineusers/finalizers,verbs=update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/internal/controller/oidcapp_controller.go b/internal/controller/oidcapp_controller.go
index 84f542f..518aaaf 100644
--- a/internal/controller/oidcapp_controller.go
+++ b/internal/controller/oidcapp_controller.go
@@ -60,9 +60,9 @@ func NewOIDCAppReconciler(client client.Client, refResolver *zitadelv1alpha1.Ref
 }
 }
 
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=oidcapps,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=oidcapps/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=oidcapps/finalizers,verbs=update
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=oidcapps,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=oidcapps/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=oidcapps/finalizers,verbs=update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
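Review bot: The new `groups=zitadel.github.com` markers in machineuser_controller.go are only correct if the API types and CRDs are registered under that same group, and that registration is not visible in this diff. If a CRD is still served as `zitadel.topmanage.com`, the regenerated role no longer covers it and the controller's list/watch calls and status updates would be rejected as forbidden, so confirm that the group-version definition behind `zitadelv1alpha1` and the CRD manifests change in the same release, with a migration note for objects created under the old group. The same point applies to the marker hunks in oidcapp_controller.go, organization_controller.go and project_controller.go. The markers also keep `create;delete` on each resource; if the reconcilers (whose bodies lie outside these hunks) never create or delete these objects, trimming to `verbs=get;list;watch;update;patch` would narrow the role.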
diff --git a/internal/controller/organization_controller.go b/internal/controller/organization_controller.go
index c8f4a59..6a40700 100644
--- a/internal/controller/organization_controller.go
+++ b/internal/controller/organization_controller.go
@@ -53,9 +53,9 @@ func NewOrganizationReconciler(client client.Client, refResolver *zitadelv1alpha
 }
 }
 
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=organizations,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=organizations/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=organizations/finalizers,verbs=update
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=organizations,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=organizations/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=zitadel.github.com,resources=organizations/finalizers,verbs=update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/internal/controller/project_controller.go b/internal/controller/project_controller.go
index 47675ce..348a2e7 100644
--- a/internal/controller/project_controller.go
+++ b/internal/controller/project_controller.go
@@ -56,9 +56,9 @@ func NewProjectReconciler(client client.Client, refResolver *zitadelv1alpha1.Ref } } -//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=projects,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=projects/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=projects/finalizers,verbs=update +//+kubebuilder:rbac:groups=zitadel.github.com,resources=projects,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=zitadel.github.com,resources=projects/status,verbs=get;update;patch +//+kubebuilder:rbac:groups=zitadel.github.com,resources=projects/finalizers,verbs=update // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/ops/chart/templates/manager-rbac.yaml b/ops/chart/templates/manager-rbac.yaml index ec1d11e..af5f76c 100644 --- a/ops/chart/templates/manager-rbac.yaml +++ b/ops/chart/templates/manager-rbac.yaml @@ -30,31 +30,6 @@ rules: - zitadel.github.com resources: - connections - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - zitadel.github.com - resources: - - connections/finalizers - verbs: - - update -- apiGroups: - - zitadel.github.com - resources: - - connections/status - verbs: - - get - - patch - - update -- apiGroups: - - zitadel.topmanage.com - resources: - machineusers - oidcapps - organizations @@ -68,8 +43,9 @@ rules: - update - watch - apiGroups: - - zitadel.topmanage.com + - zitadel.github.com resources: + - connections/finalizers - machineusers/finalizers - oidcapps/finalizers - organizations/finalizers @@ -77,8 +53,9 @@ rules: verbs: - update - apiGroups: - - zitadel.topmanage.com + - zitadel.github.com resources: + - connections/status - machineusers/status - oidcapps/status - organizations/status