diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 41a6354..36f139d 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -21,6 +21,7 @@ rules:
   - create
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:
@@ -222,6 +223,7 @@ rules:
   - create
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:
@@ -232,6 +234,7 @@ rules:
   - create
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:
@@ -259,6 +262,7 @@ rules:
   resources:
   - swiftproxies/finalizers
   verbs:
+  - patch
   - update
 - apiGroups:
   - swift.openstack.org
@@ -285,6 +289,7 @@ rules:
   resources:
   - swiftrings/finalizers
   verbs:
+  - patch
   - update
 - apiGroups:
   - swift.openstack.org
@@ -311,6 +316,7 @@ rules:
   resources:
   - swifts/finalizers
   verbs:
+  - patch
   - update
 - apiGroups:
   - swift.openstack.org
@@ -337,6 +343,7 @@ rules:
   resources:
   - swiftstorages/finalizers
   verbs:
+  - patch
   - update
 - apiGroups:
   - swift.openstack.org
diff --git a/controllers/swift_controller.go b/controllers/swift_controller.go
index c40c58a..79fe124 100644
--- a/controllers/swift_controller.go
+++ b/controllers/swift_controller.go
@@ -53,12 +53,12 @@ type SwiftReconciler struct {
 
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swifts,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swifts/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=swift.openstack.org,resources=swifts/finalizers,verbs=update
+//+kubebuilder:rbac:groups=swift.openstack.org,resources=swifts/finalizers,verbs=update;patch
 
 // service account, role, rolebinding
-// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update
-// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=get;list;watch;create;update
-// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update;patch
 // service account permissions that are needed to grant permission to the above
 // +kubebuilder:rbac:groups="security.openshift.io",resourceNames=nonroot-v2,resources=securitycontextconstraints,verbs=use
 
diff --git a/controllers/swiftproxy_controller.go b/controllers/swiftproxy_controller.go
index eb0d5a0..c580623 100644
--- a/controllers/swiftproxy_controller.go
+++ b/controllers/swiftproxy_controller.go
@@ -73,7 +73,7 @@ type SwiftProxyReconciler struct {
 
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftproxies,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftproxies/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftproxies/finalizers,verbs=update
+//+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftproxies/finalizers,verbs=update;patch
 //+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=keystone.openstack.org,resources=keystoneapis,verbs=get;list;watch
 //+kubebuilder:rbac:groups=keystone.openstack.org,resources=keystoneendpoints,verbs=get;list;watch;create;update;patch;delete
diff --git a/controllers/swiftring_controller.go b/controllers/swiftring_controller.go
index 3a358a6..fc85be9 100644
--- a/controllers/swiftring_controller.go
+++ b/controllers/swiftring_controller.go
@@ -57,7 +57,7 @@ type SwiftRingReconciler struct {
 
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftrings,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftrings/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftrings/finalizers,verbs=update
+//+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftrings/finalizers,verbs=update;patch
 //+kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=*,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
diff --git a/controllers/swiftstorage_controller.go b/controllers/swiftstorage_controller.go
index 324d72f..dabec26 100644
--- a/controllers/swiftstorage_controller.go
+++ b/controllers/swiftstorage_controller.go
@@ -75,7 +75,7 @@ type Netconfig struct {
 
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftstorages,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftstorages/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftstorages/finalizers,verbs=update
+//+kubebuilder:rbac:groups=swift.openstack.org,resources=swiftstorages/finalizers,verbs=update;patch
 //+kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete