diff --git a/pkg/render/apiserver.go b/pkg/render/apiserver.go
index 49a7778a3c..36f9480a4f 100644
--- a/pkg/render/apiserver.go
+++ b/pkg/render/apiserver.go
@@ -1609,6 +1609,12 @@ func (c *apiServerComponent) tigeraUserClusterRole() *rbacv1.ClusterRole {
 Resources: []string{"felixconfigurations"},
 Verbs: []string{"get", "list"},
 },
+ // Allow the user to only view securityeventwebhooks.
+ {
+ APIGroups: []string{"crd.projectcalico.org"},
+ Resources: []string{"securityeventwebhooks"},
+ Verbs: []string{"get", "list"},
+ },
 }

 // Privileges for lma.tigera.io have no effect on managed clusters.
@@ -1771,6 +1777,12 @@ func (c *apiServerComponent) tigeraNetworkAdminClusterRole() *rbacv1.ClusterRole {
 Resources: []string{"felixconfigurations"},
 Verbs: []string{"get", "list"},
 },
+ // Allow the user to perform CRUD operations on securityeventwebhooks.
+ {
+ APIGroups: []string{"crd.projectcalico.org"},
+ Resources: []string{"securityeventwebhooks"},
+ Verbs: []string{"get", "list", "update", "patch", "create", "delete"},
+ },
 }

 // Privileges for lma.tigera.io have no effect on managed clusters.
diff --git a/pkg/render/apiserver_test.go b/pkg/render/apiserver_test.go
index 526bc2f643..ef3ed30855 100644
--- a/pkg/render/apiserver_test.go
+++ b/pkg/render/apiserver_test.go
@@ -1377,6 +1377,11 @@ var (
 Resources: []string{"felixconfigurations"},
 Verbs: []string{"get", "list"},
 },
+ {
+ APIGroups: []string{"crd.projectcalico.org"},
+ Resources: []string{"securityeventwebhooks"},
+ Verbs: []string{"get", "list"},
+ },
 }
 networkAdminPolicyRules = []rbacv1.PolicyRule{
 {
@@ -1500,6 +1505,11 @@ var (
 Resources: []string{"felixconfigurations"},
 Verbs: []string{"get", "list"},
 },
+ {
+ APIGroups: []string{"crd.projectcalico.org"},
+ Resources: []string{"securityeventwebhooks"},
+ Verbs: []string{"get", "list", "update", "patch", "create", "delete"},
+ },
 }
 )
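Review bot: The comment on the new rule in tigeraUserClusterRole, `// Allow the user to only view securityeventwebhooks.`, reads as if viewing itself is being restricted rather than the verb set; `// Only allow the user to view securityeventwebhooks (get/list, no watch).` states what the rule grants and matches the neighbouring felixconfigurations rule. The read grant is worth a second look before merging: get/list returns the full object to every subject bound to this role, so if a SecurityEventWebhook spec carries endpoint URLs, headers or secret references, those become readable by ordinary users — that is an inference from the resource name, not something the hunk shows, so confirm it against the CRD. The body of tigeraUserClusterRole starts before and ends after the hunk.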
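Review bot: The new rule in tigeraNetworkAdminClusterRole is documented only as "CRUD operations", which says nothing about why a network-admin role should be able to create this resource; if creating a SecurityEventWebhook causes the cluster to deliver security event data to an endpoint named in the CR (presumably, but not visible here), that is effectively an outbound-data privilege and the reviewer of the next RBAC change will want that stated. Suggested comment: `// Allow the network admin to manage securityeventwebhooks. Creating one selects where security events are delivered, so keep this out of the read-only user role.` Note also that the same verb list is duplicated verbatim in the networkAdminPolicyRules fixture in apiserver_test.go, so both must change together. The body of tigeraNetworkAdminClusterRole starts before and ends after the hunk.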