diff --git a/packages/system/cozystack-api/templates/rbac.yaml b/packages/system/cozystack-api/templates/rbac.yaml
index 1a169d86..e4b3aca9 100644
--- a/packages/system/cozystack-api/templates/rbac.yaml
+++ b/packages/system/cozystack-api/templates/rbac.yaml
@@ -6,6 +6,9 @@ rules:
 - apiGroups: [""]
   resources: ["namespaces", "secrets"]
   verbs: ["get", "watch", "list"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["rolebindings"]
+  verbs: ["get", "watch", "list"]
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["create", "update", "patch", "delete"]
diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go
index a0b68357..f5196cad 100644
--- a/pkg/registry/core/tenantnamespace/rest.go
+++ b/pkg/registry/core/tenantnamespace/rest.go
@@ -272,6 +272,9 @@ func (r *REST) filterAccessible(
 	for _, group := range u.GetGroups() {
 		groups[group] = struct{}{}
 	}
+	if _, ok = groups["system:masters"]; ok {
+		return names, nil
+	}
 	if _, ok = groups["cozystack-cluster-admin"]; ok {
 		return names, nil
 	}