diff --git a/charts/cryostat/templates/clusterrole.yaml b/charts/cryostat/templates/clusterrole.yaml
index e20d7b96..4aeed87c 100644
--- a/charts/cryostat/templates/clusterrole.yaml
+++ b/charts/cryostat/templates/clusterrole.yaml
@@ -1,8 +1,8 @@
-{{- if .Values.rbac.create -}}
+{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "cryostat.fullname" . }}
+  name: {{ include "cryostat.fullname" . }}-namespaced
   labels:
     {{- include "cryostat.labels" . | nindent 4 }}
 rules:
diff --git a/charts/cryostat/templates/rolebinding.yaml b/charts/cryostat/templates/rolebinding.yaml
index be445520..d3f7107c 100644
--- a/charts/cryostat/templates/rolebinding.yaml
+++ b/charts/cryostat/templates/rolebinding.yaml
@@ -12,7 +12,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "cryostat.fullname" . }}
+  name: {{ include "cryostat.fullname" . }}-namespaced
 subjects:
 - kind: ServiceAccount
   name: {{ include "cryostat.serviceAccountName" . }}
@@ -20,13 +20,11 @@ subjects:
 {{- end -}}
 {{- end -}}
 
-{{- if .Values.rbac.create -}}
-{{- $ := . -}}
+{{- if and .Values.rbac.create .Values.core.discovery.kubernetes.enabled -}}
 {{- $watchNs := list -}}
-{{- $ownNs := .Release.Namespace -}}
 {{- range .Values.core.discovery.kubernetes.namespaces -}}
 {{- if eq . "." -}}
-{{- $watchNs = append $watchNs $ownNs -}}
+{{- $watchNs = append $watchNs $.Release.Namespace -}}
 {{- else -}}
 {{- $watchNs = append $watchNs . -}}
 {{- end -}}