diff --git a/manifests/cluster-manager/cluster-manager-registration-clusterrole.yaml b/manifests/cluster-manager/cluster-manager-registration-clusterrole.yaml
index 2a01ca51c..4cb82d469 100644
--- a/manifests/cluster-manager/cluster-manager-registration-clusterrole.yaml
+++ b/manifests/cluster-manager/cluster-manager-registration-clusterrole.yaml
@@ -54,3 +54,10 @@ rules:
 - apiGroups: ["cluster.open-cluster-management.io"]
   resources: ["managedclustersets/status"]
   verbs: ["update", "patch"]
+# Allow to access metrics API
+- apiGroups: ["authentication.k8s.io"]
+  resources: ["tokenreviews"]
+  verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+  resources: ["subjectaccessreviews"]
+  verbs: ["create"]
diff --git a/pkg/operators/clustermanager/bindata/bindata.go b/pkg/operators/clustermanager/bindata/bindata.go
index dc4c26a66..816f40dca 100644
--- a/pkg/operators/clustermanager/bindata/bindata.go
+++ b/pkg/operators/clustermanager/bindata/bindata.go
@@ -903,6 +903,13 @@ rules:
 - apiGroups: ["cluster.open-cluster-management.io"]
   resources: ["managedclustersets/status"]
   verbs: ["update", "patch"]
+# Allow to access metrics API
+- apiGroups: ["authentication.k8s.io"]
+  resources: ["tokenreviews"]
+  verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+  resources: ["subjectaccessreviews"]
+  verbs: ["create"]
 `)
 
 func manifestsClusterManagerClusterManagerRegistrationClusterroleYamlBytes() ([]byte, error) {