diff --git a/deploy/charts/cert-manager/cainjector/templates/rbac.yaml b/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
index 36c00830f..c5b4d73b4 100644
--- a/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
@@ -10,7 +10,7 @@ metadata:
 heritage: {{ .Release.Service }}
 rules:
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates"]
+ resources: ["certificates", "certificaterequests"]
 verbs: ["get", "list", "watch"]
 - apiGroups: [""]
 resources: ["secrets"]
diff --git a/deploy/charts/cert-manager/templates/rbac.yaml b/deploy/charts/cert-manager/templates/rbac.yaml
index f8ff2aa2f..dc4d1ed9b 100644
--- a/deploy/charts/cert-manager/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/templates/rbac.yaml
@@ -81,10 +81,10 @@ metadata:
 heritage: {{ .Release.Service }}
 rules:
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "certificates/status"]
+ resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
 verbs: ["update"]
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "clusterissuers", "issuers", "orders"]
+ resources: ["certificates", "certificaterequests", "clusterissuers", "issuers", "orders"]
 verbs: ["get", "list", "watch"]
 # We require these rules to support users with the OwnerReferencesPermissionEnforcement
 # admission controller enabled:
@@ -206,10 +206,10 @@ metadata:
 heritage: {{ .Release.Service }}
 rules:
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates"]
+ resources: ["certificates", "certificaterequests"]
 verbs: ["create", "update", "delete"]
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "issuers", "clusterissuers"]
+ resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
 verbs: ["get", "list", "watch"]
 - apiGroups: ["extensions"]
 resources: ["ingresses"]
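Review bot: In cainjector/templates/rbac.yaml, the rule changed at `@@ -10,7` lets the cainjector list and watch `certificaterequests` cluster-wide, and nothing in this diff shows the injector consuming them. If it only needs Certificate objects to locate the CA secret, the rule can stay at `resources: ["certificates"]` until code that reads the new resource lands. If the access is required, a short comment above the rule saying which cainjector code path reads CertificateRequests would record why the grant exists. The ClusterRole begins above the hunk, so its name and binding are not visible here.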
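Review bot: In templates/rbac.yaml at `@@ -81,10`, the first rule grants `update` on both `certificaterequests` and `certificaterequests/status`. If the controller only writes conditions and the issued certificate back to the object, the subresource alone is enough and keeps the submitted CSR in the spec out of the controller's write path: `resources: ["certificates", "certificates/status", "certificaterequests/status"]`. This assumes the CRD enables the status subresource, which the diff does not show. The ClusterRole starts above the hunk and continues past its last line.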
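Review bot: At `@@ -206,10` the role that also reads `ingresses` gains `create`, `update` and `delete` on `certificaterequests`. The neighbouring `ingresses` rule suggests this role belongs to the component that turns Ingress objects into Certificates; if so, it has no need to write CertificateRequests itself, and the first rule should stay `resources: ["certificates"]`, with at most the read access in the second rule added. Write access would let that component submit signing requests directly rather than through a Certificate. The role's name is outside the hunk, so confirm which controller is bound to it.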
@@ -380,7 +380,7 @@ metadata:
 rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "issuers"]
+ resources: ["certificates", "certificaterequests", "issuers"]
 verbs: ["get", "list", "watch"]
 ---
@@ -398,7 +398,7 @@ metadata:
 rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
 - apiGroups: ["certmanager.k8s.io"]
- resources: ["certificates", "issuers"]
+ resources: ["certificates", "certificaterequests", "issuers"]
 verbs: ["create", "delete", "deletecollection", "patch", "update"]
 {{- end }}
diff --git a/deploy/charts/cert-manager/webhook/templates/rbac.yaml b/deploy/charts/cert-manager/webhook/templates/rbac.yaml
index 4c536ea24..8b947f006 100644
--- a/deploy/charts/cert-manager/webhook/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/webhook/templates/rbac.yaml
@@ -63,6 +63,7 @@ rules:
 - admission.certmanager.k8s.io
 resources:
 - certificates
+ - certificaterequests
 - issuers
 - clusterissuers
 verbs:
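Review bot: At `@@ -398,7` the aggregated role gives `create`, `patch` and `update` on `certificaterequests` to every subject that receives this role through aggregation (the visible label is `rbac.authorization.k8s.io/aggregate-to-admin: "true"`). A CertificateRequest carries a raw CSR, so namespace users could ask an issuer to sign content that never passed through the validation applied to Certificate fields. Consider keeping the write rule at `resources: ["certificates", "issuers"]` and shipping only the read access added at `@@ -380,7`, until the issuers or the webhook are known to constrain what a CSR may request. A comment above the rule stating that direct CertificateRequest creation by tenants is intended would also help later reviewers.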
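Review bot: In webhook/templates/rbac.yaml, adding `certificaterequests` under `admission.certmanager.k8s.io` only authorises the admission review call; the webhook registration that decides which resources are sent for validation is not part of this diff. If the ValidatingWebhookConfiguration's `rules` are not extended in the same change, CertificateRequest objects will be admitted without validation while this grant sits unused. The rule's `verbs:` list continues past the end of the hunk.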