diff --git a/common/rbac/rbac.argoapp.yml b/common/rbac/rbac.argoapp.yml
new file mode 100644
index 0000000..3dd7fd4
--- /dev/null
+++ b/common/rbac/rbac.argoapp.yml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: rbac
+ namespace: argocd
+spec:
+ goTemplate: true
+ goTemplateOptions: ["missingkey=error"]
+ generators:
+ - clusters: {}
+ template:
+ metadata:
+ name: "{{.name}}-rbac"
+ namespace: argocd
+ spec:
+ destination:
+ namespace: rbac
+ server: "{{.server}}"
+ project: "{{.name}}"
+ source:
+ repoURL: https://github.com/ClubCedille/k8s-base
+ path: common/rbac/ressources
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/common/rbac/ressources/admin.yaml b/common/rbac/ressources/admin.yaml
new file mode 100644
index 0000000..493f4fc
--- /dev/null
+++ b/common/rbac/ressources/admin.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: admin
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
diff --git a/common/rbac/ressources/kustomization.yaml b/common/rbac/ressources/kustomization.yaml
new file mode 100644
index 0000000..3557612
--- /dev/null
+++ b/common/rbac/ressources/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - reader.yaml
+ - admin.yaml
+ - operator.yaml
diff --git a/common/rbac/ressources/operator.yaml b/common/rbac/ressources/operator.yaml
new file mode 100644
index 0000000..0121d5c
--- /dev/null
+++ b/common/rbac/ressources/operator.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: operator
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["v1"]
+ resources: ["secrets"]
+ verbs: ["create", "update", "watch", "list", "patch"]
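Review bot: `targetRevision: HEAD` together with `automated.prune`/`selfHeal` means every cluster matched by the `clusters` generator continuously receives whatever RBAC is on the default branch of the public `ClubCedille/k8s-base` repository, so a push to that branch (or a compromised contributor token) rolls new cluster-wide ClusterRoles out to every cluster with no review gate in between. Pin `targetRevision` to a release tag or commit SHA that is bumped deliberately, or at minimum to an explicitly named branch that is protected with required reviews. Note also that `project: "{{.name}}"` presumably refers to a per-cluster AppProject, which must whitelist the cluster-scoped `ClusterRole` kind for this sync to succeed at all, and that `destination.namespace: rbac` with `CreateNamespace=true` creates a namespace the cluster-scoped manifests under this path never use.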
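Review bot: The ClusterRole is named `admin`, which collides with the Kubernetes built-in `admin` ClusterRole that is meant for namespaced RoleBindings; applying this manifest replaces that role's rules with `*`/`*`/`*`, so every existing RoleBinding or ClusterRoleBinding that already references `admin` silently escalates to cluster-admin-equivalent access. The built-in `admin` is also an aggregated ClusterRole whose `rules` are rewritten by the aggregation controller, so with `selfHeal: true` the two controllers will likely flap over the object. Give the role a project-prefixed name, e.g. `name: cedille-admin`, or drop the file entirely and bind subjects to the built-in `cluster-admin` ClusterRole, which already grants exactly the unrestricted access these wildcard rules express.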
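Review bot: The first rule (`apiGroups`, `resources` and `verbs` all `["*"]`) already grants every permission cluster-wide, so `operator` is indistinguishable from `admin` and the second, narrower secrets rule has no effect, because RBAC rules are purely additive and a later rule cannot restrict an earlier one. That secrets rule is also malformed on its own: `apiGroups: ["v1"]` names an API version rather than a group, and core-group resources use `apiGroups: [""]`, so as written it matches nothing. If the intent is an operator role that is less than admin, delete the wildcard rule and enumerate the groups and resources it actually needs, with `apiGroups: [""]` for `secrets`. Bear in mind that omitting `get` does not hide secret values, since `list` and `watch` return the full secret data.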
diff --git a/common/rbac/ressources/reader.yaml b/common/rbac/ressources/reader.yaml
new file mode 100644
index 0000000..1673553
--- /dev/null
+++ b/common/rbac/ressources/reader.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: reader
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "services", "ingress"]
+ verbs: ["get", "list", "watch"]
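Review bot: `ingress` under `apiGroups: [""]` matches nothing: Ingress lives in the `networking.k8s.io` group and the RBAC resource name is the plural `ingresses`, so subjects bound to this role get pods and services but silently no ingress access, and the API server will not report the mismatch. Add a second rule for it: `- apiGroups: ["networking.k8s.io"]`, `resources: ["ingresses"]`, `verbs: ["get", "list", "watch"]`. Consider as well whether readers need `pods/log`; `pods` alone does not grant it.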