diff --git a/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml b/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml
index 7eab35751..8b48cc7c8 100644
--- a/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml
+++ b/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml
@@ -15,3 +15,7 @@ rules:
 - apiGroups: ["work.open-cluster-management.io"]
   resources: ["appliedmanifestworks/finalizers"]
   verbs: ["update"]
+# Allow agent to create subjectaccessreviews
+- apiGroups: ["authorization.k8s.io"]
+  resources: ["subjectaccessreviews"]
+  verbs: ["create"]