diff --git a/Makefile b/Makefile
index 7b0fc71..a351bd3 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ help: ## Display this help.
 
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=plugin-barman-cloud crd webhook paths="./api/..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) rbac:roleName=plugin-barman-cloud crd webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index c4a62a3..6d58dec 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -48,6 +48,12 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - postgresql.cnpg.io
+  resources:
+  - clusters/finalizers
+  verbs:
+  - update
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:
diff --git a/internal/controller/objectstore_controller.go b/internal/controller/objectstore_controller.go
index d68b2d3..7e0dad6 100644
--- a/internal/controller/objectstore_controller.go
+++ b/internal/controller/objectstore_controller.go
@@ -37,6 +37,7 @@ type ObjectStoreReconciler struct {
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;patch;update;get;list;watch
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;patch;update;get;list;watch
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=create;list;get;watch;delete
+// +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=clusters/finalizers,verbs=update
 // +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=backups,verbs=get;list;watch
 // +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores/status,verbs=get;update;patch
diff --git a/manifest.yaml b/manifest.yaml
index 40fca4f..7248ce9 100644
--- a/manifest.yaml
+++ b/manifest.yaml
@@ -807,6 +807,12 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - postgresql.cnpg.io
+  resources:
+  - clusters/finalizers
+  verbs:
+  - update
 - apiGroups:
   - rbac.authorization.k8s.io
   resources: