diff --git a/pkg/render/apiserver.go b/pkg/render/apiserver.go
index ac685a91a6..44ac64798f 100644
--- a/pkg/render/apiserver.go
+++ b/pkg/render/apiserver.go
@@ -1441,6 +1441,7 @@ func (c *apiServerComponent) tigeraAPIServerClusterRole() *rbacv1.ClusterRole {
 				"egressgatewaypolicies",
 				"externalnetworks",
 				"globalalerts",
+				"globalalerts/status",
 				"globalalerttemplates",
 				"globalreports",
 				"globalreporttypes",
@@ -1451,10 +1452,12 @@ func (c *apiServerComponent) tigeraAPIServerClusterRole() *rbacv1.ClusterRole {
 				"managedclusters/status",
 				"networks",
 				"packetcaptures",
+				"packetcaptures/status",
 				"policyrecommendationscopes",
 				"policyrecommendationscopes/status",
 				"remoteclusterconfigurations",
 				"securityeventwebhooks",
+				"securityeventwebhooks/status",
 				"uisettings",
 				"uisettingsgroups",
 			},
diff --git a/pkg/render/intrusion_detection.go b/pkg/render/intrusion_detection.go
index da2aa28530..f0aedbad0a 100644
--- a/pkg/render/intrusion_detection.go
+++ b/pkg/render/intrusion_detection.go
@@ -342,7 +342,7 @@ func (c *intrusionDetectionComponent) intrusionDetectionClusterRole() *rbacv1.Cl
 		},
 		{
 			APIGroups: []string{"projectcalico.org", "crd.projectcalico.org"},
-			Resources: []string{"securityeventwebhooks"},
+			Resources: []string{"securityeventwebhooks", "securityeventwebhooks/status"},
 			Verbs:     []string{"get", "list", "watch", "update"},
 		},
 		{
diff --git a/pkg/render/intrusion_detection_test.go b/pkg/render/intrusion_detection_test.go
index b6bad160fa..8b1084b928 100644
--- a/pkg/render/intrusion_detection_test.go
+++ b/pkg/render/intrusion_detection_test.go
@@ -212,7 +212,7 @@ var _ = Describe("Intrusion Detection rendering tests", func() {
 			},
 			rbacv1.PolicyRule{
 				APIGroups: []string{"projectcalico.org", "crd.projectcalico.org"},
-				Resources: []string{"securityeventwebhooks"},
+				Resources: []string{"securityeventwebhooks", "securityeventwebhooks/status"},
 				Verbs:     []string{"get", "list", "watch", "update"},
 			},
 			rbacv1.PolicyRule{
diff --git a/pkg/render/node.go b/pkg/render/node.go
index c72fe93c79..638c95b351 100644
--- a/pkg/render/node.go
+++ b/pkg/render/node.go
@@ -581,6 +581,7 @@ func (c *nodeComponent) nodeRole() *rbacv1.ClusterRole {
 				APIGroups: []string{"projectcalico.org", "crd.projectcalico.org"},
 				Resources: []string{
 					"packetcaptures",
+					"packetcaptures/status",
 				},
 				Verbs: []string{"update"},
 			},