diff --git a/install/installer/pkg/components/ws-manager/role.go b/install/installer/pkg/components/ws-manager/role.go
index 4a2d14da3a67f5..a793d0a7fac192 100644
--- a/install/installer/pkg/components/ws-manager/role.go
+++ b/install/installer/pkg/components/ws-manager/role.go
@@ -16,6 +16,32 @@ func role(ctx *common.RenderContext) ([]runtime.Object, error) {
 labels := common.DefaultLabels(Component)
 return []runtime.Object{
+ &rbacv1.ClusterRole{
+ TypeMeta: common.TypeMetaClusterRole,
+ ObjectMeta: metav1.ObjectMeta{
+ Name: Component,
+ Namespace: ctx.Namespace,
+ Labels: labels,
+ },
+ Rules: []rbacv1.PolicyRule{
+ {
+ APIGroups: []string{"snapshot.storage.k8s.io"},
+ Resources: []string{
+ "volumesnapshotcontents",
+ },
+ Verbs: []string{
+ "get",
+ "list",
+ "create",
+ "update",
+ "patch",
+ "watch",
+ "delete",
+ "deletecollection",
+ },
+ },
+ },
+ },
 &rbacv1.Role{
 TypeMeta: common.TypeMetaRole,
 ObjectMeta: metav1.ObjectMeta{
diff --git a/install/installer/pkg/components/ws-manager/rolebinding.go b/install/installer/pkg/components/ws-manager/rolebinding.go
index 6195e3c8f4b05e..d03730f93c302e 100644
--- a/install/installer/pkg/components/ws-manager/rolebinding.go
+++ b/install/installer/pkg/components/ws-manager/rolebinding.go
@@ -37,6 +37,25 @@ func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) {
 },
 },
 },
+ &rbacv1.ClusterRoleBinding{
+ TypeMeta: common.TypeMetaClusterRoleBinding,
+ ObjectMeta: metav1.ObjectMeta{
+ Name: Component,
+ Labels: labels,
+ },
+ RoleRef: rbacv1.RoleRef{
+ Kind: "ClusterRole",
+ Name: Component,
+ APIGroup: "rbac.authorization.k8s.io",
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: "ServiceAccount",
+ Name: Component,
+ Namespace: ctx.Namespace,
+ },
+ },
+ },
 &rbacv1.RoleBinding{
 TypeMeta: common.TypeMetaRoleBinding,
 ObjectMeta: metav1.ObjectMeta{
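Review bot: The `Verbs` list in the new ClusterRole gives the ws-manager service account `delete` and `deletecollection` on `volumesnapshotcontents` for the whole cluster, because the resource is cluster-scoped and the rule carries no `ResourceNames`. Anything holding that token can therefore remove snapshot contents that ws-manager did not create. The hunk does not show which calls the controller makes, so please trim the list to the verbs it actually uses (`deletecollection` looks like the first candidate) and add a comment above the rule naming the code path that needs them. Separately, `Namespace: ctx.Namespace` has no effect on a ClusterRole and should be dropped, and `Name: Component` is cluster-global, so two installations in one cluster would share this object; the ClusterRoleBinding added in rolebinding.go has the same naming issue. The enclosing `role` function starts and ends outside the hunk.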
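Review bot: The new ClusterRoleBinding has no comment explaining why ws-manager needs a cluster-scoped grant next to the namespaced RoleBinding that follows it, and that is the first thing an RBAC audit of this file will ask. I would add a comment above the `&rbacv1.ClusterRoleBinding{` literal such as `// Cluster-scoped binding: VolumeSnapshotContent objects are not namespaced, so the namespaced Role cannot grant access to them.` and state that no other permission should be added to the bound ClusterRole. The enclosing `rolebinding` function starts and ends outside the hunk.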