diff --git a/apinetlet/controllers/rbac.go b/apinetlet/controllers/rbac.go
index 956d7e2c..7e57c2c5 100644
--- a/apinetlet/controllers/rbac.go
+++ b/apinetlet/controllers/rbac.go
@@ -20,3 +20,7 @@ package controllers
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch
 //+kubebuilder:rbac:groups=certificates.k8s.io,resources=certificatesigningrequests,verbs=create;get;list;watch
 //+kubebuilder:rbac:groups=certificates.k8s.io,resources=certificatesigningrequests/apinetletclient,verbs=create
+
+// Rules required for delegated authentication
+//+kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create
+//+kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create