diff --git a/config/rbac/role/role.yaml b/config/rbac/role/role.yaml
index 319820ce0..5de469e38 100644
--- a/config/rbac/role/role.yaml
+++ b/config/rbac/role/role.yaml
@@ -127,9 +127,6 @@ rules:
   resources:
   - ingressclassparameterses
   - kongclusterplugins
-  - kongconsumergroups
-  - kongconsumers
-  - kongcredentialbasicauths
   - kongcustomentities
   - kongingresses
   - konglicenses
@@ -143,14 +140,73 @@ rules:
 - apiGroups:
   - configuration.konghq.com
   resources:
+  - kongcacertificates
+  - kongcertificates
+  - kongconsumergroups
+  - kongconsumers
+  - kongcredentialacls
+  - kongcredentialapikeys
+  - kongcredentialbasicauths
+  - kongcredentialhmacs
+  - kongcredentialjwts
+  - kongdataplaneclientcertificates
+  - kongkeys
+  - kongkeysets
+  - kongroutes
+  - kongservices
+  - kongsnis
+  - kongtargets
+  - kongupstreams
+  - kongvaults
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - configuration.konghq.com
+  resources:
+  - kongcacertificates/finalizers
+  - kongcertificates/finalizers
+  - kongconsumergroups/finalizers
+  - kongconsumers/finalizers
+  - kongcredentialacls/finalizers
+  - kongcredentialapikeys/finalizers
+  - kongcredentialbasicauths/finalizers
+  - kongcredentialhmacs/finalizers
+  - kongcredentialjwts/finalizers
+  - kongdataplaneclientcertificates/finalizers
+  - kongkeys/finalizers
+  - kongkeysets/finalizers
+  - kongroutes/finalizers
+  - kongservices/finalizers
+  - kongsnis/finalizers
+  - kongtargets/finalizers
+  - kongupstreams/finalizers
+  - kongvaults/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - configuration.konghq.com
+  resources:
+  - kongcacertificates/status
+  - kongcertificates/status
   - kongclusterplugins/status
   - kongconsumergroups/status
   - kongconsumers/status
+  - kongcredentialacls/status
+  - kongcredentialapikeys/status
   - kongcredentialbasicauths/status
+  - kongcredentialhmacs/status
+  - kongcredentialjwts/status
   - kongcustomentities/status
+  - kongdataplaneclientcertificates/status
   - kongingresses/status
+  - kongkeys/status
+  - kongkeysets/status
   - konglicenses/status
-  - kongpluginbindings/status
   - kongplugins/status
   - kongroutes/status
   - kongservices/status
@@ -178,21 +234,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - configuration.konghq.com
-  resources:
-  - kongroutes
-  - kongservices
-  - kongsnis
-  - kongtargets
-  - kongupstreams
-  - kongvaults
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -358,6 +399,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - konnect.konghq.com
+  resources:
+  - konnectapiauthconfigurations/finalizers
+  - konnectgatewaycontrolplanes/finalizers
+  verbs:
+  - patch
+  - update
 - apiGroups:
   - konnect.konghq.com
   resources:
diff --git a/controller/konnect/reconciler_generic_pluginbindingfinalizer_rbac.go b/controller/konnect/reconciler_generic_pluginbindingfinalizer_rbac.go
index 43aded6ee..5def08534 100644
--- a/controller/konnect/reconciler_generic_pluginbindingfinalizer_rbac.go
+++ b/controller/konnect/reconciler_generic_pluginbindingfinalizer_rbac.go
@@ -1,7 +1,15 @@
 package konnect
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices,verbs=get;update
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices,verbs=get
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices/finalizers,verbs=update
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes,verbs=get;update
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes,verbs=get
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes/finalizers,verbs=update
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers,verbs=get
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers/finalizers,verbs=update
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups,verbs=get
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups/finalizers,verbs=update
 
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongpluginbindings,verbs=delete;list
diff --git a/controller/konnect/reconciler_generic_rbac.go b/controller/konnect/reconciler_generic_rbac.go
index 45396bba1..bb1da9ca3 100644
--- a/controller/konnect/reconciler_generic_rbac.go
+++ b/controller/konnect/reconciler_generic_rbac.go
@@ -2,38 +2,82 @@ package konnect
 
 //+kubebuilder:rbac:groups=konnect.konghq.com,resources=konnectapiauthconfigurations,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=konnect.konghq.com,resources=konnectapiauthconfigurations/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=konnect.konghq.com,resources=konnectapiauthconfigurations/finalizers,verbs=update;patch
 
 //+kubebuilder:rbac:groups=konnect.konghq.com,resources=konnectgatewaycontrolplanes,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=konnect.konghq.com,resources=konnectgatewaycontrolplanes/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=konnect.konghq.com,resources=konnectgatewaycontrolplanes/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongpluginbindings,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongpluginbindings/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcacertificates,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcacertificates/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcacertificates/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcertificates,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcertificates/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcertificates/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreams,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreams/status,verbs=get;update;patch
-
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongtargets,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongtargets/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers,verbs=get;list;watch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups,verbs=get;list;watch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialacls,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialacls/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialacls/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialapikeys,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialapikeys/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialapikeys/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialbasicauths,verbs=get;list;watch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialbasicauths,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialbasicauths/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialbasicauths/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialhmacs,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialhmacs/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialhmacs/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialjwts,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialjwts/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcredentialjwts/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongdataplaneclientcertificates,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongdataplaneclientcertificates/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongdataplaneclientcertificates/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongkeys,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongkeys/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongkeys/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongkeysets,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongkeysets/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongkeysets/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices/finalizers,verbs=update;patch
 
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongsnis,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongsnis/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongsnis/finalizers,verbs=update;patch
 
-//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongtargets,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongtargets/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongtargets/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreams,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreams/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreams/finalizers,verbs=update;patch
+
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults/finalizers,verbs=update;patch
diff --git a/controller/konnect/reconciler_kongplugin_rbac.go b/controller/konnect/reconciler_kongplugin_rbac.go
index 86ee0b81a..31632556d 100644
--- a/controller/konnect/reconciler_kongplugin_rbac.go
+++ b/controller/konnect/reconciler_kongplugin_rbac.go
@@ -1,5 +1,8 @@
 package konnect
 
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongplugins,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongservices,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongpluginbindings,verbs=get;list;create;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongroutes,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongpluginbindings,verbs=get;list;create;watch;update;patch;delete