diff --git a/charts/logging-operator/templates/clusterrole.yaml b/charts/logging-operator/templates/clusterrole.yaml
index f92be5d53..7479f81fa 100644
--- a/charts/logging-operator/templates/clusterrole.yaml
+++ b/charts/logging-operator/templates/clusterrole.yaml
@@ -243,6 +243,15 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
 - apiGroups:
 - telemetry.kube-logging.dev
 resources:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 2a2299dee..54f4b0f06 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -238,6 +238,15 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
 - apiGroups:
 - telemetry.kube-logging.dev
 resources:
diff --git a/controllers/logging/logging_controller.go b/controllers/logging/logging_controller.go
index 842ec6d97..40e93af24 100644
--- a/controllers/logging/logging_controller.go
+++ b/controllers/logging/logging_controller.go
@@ -101,6 +101,7 @@ type LoggingReconciler struct {
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=*
 // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,resourceNames=anyuid;privileged,verbs=use
 // Reconcile logging resources
 func (r *LoggingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
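Review bot: The added rule in charts/logging-operator/templates/clusterrole.yaml grants `use` on the `privileged` and `anyuid` SCCs unconditionally, so every install of the chart carries it. Any pod that runs under the bound service account can then be admitted as privileged on OpenShift, even where the feature that needs it is never used. Since the rule only has meaning where the `security.openshift.io` API group exists, it could be gated by wrapping it in `{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}` and `{{- end }}`, or made opt-in through a chart value. The same rule is added to config/rbac/role.yaml, which appears to be generated from the marker in logging_controller.go. The `rules:` list starts and ends outside this hunk, so bindings and neighbouring rules could not be checked.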
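Review bot: The new `+kubebuilder:rbac` marker for `securitycontextconstraints` gives no reason why the operator needs `use` on `privileged` as well as `anyuid`, and it is the widest grant in this marker list that a later reader will have to justify. Presumably the operator must hold the permission in order to hand it on to the log collectors' service accounts, because RBAC refuses to let a subject grant what it does not have; that is an inference and not visible in the hunk. A why-comment above the marker would record it, for example `// OpenShift only: held so the operator can grant SCC "use" to the collectors' service accounts; not used by the operator's own pod.` If only `anyuid` is ever granted downstream, `privileged` should be dropped from `resourceNames`. The marker block starts above the hunk and `Reconcile` continues below it.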