diff --git a/manager/rbac.yaml b/manager/rbac.yaml
index f9867bf..555ab89 100644
--- a/manager/rbac.yaml
+++ b/manager/rbac.yaml
@@ -63,6 +63,34 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   name: manager-argocd
 ---
+# Dev pod management
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: manager-dev
+  namespace: dev
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "patch", "update"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: manager-dev
+  namespace: dev
+subjects:
+  - kind: ServiceAccount
+    name: manager
+    namespace: manager
+roleRef:
+  kind: Role
+  apiGroup: rbac.authorization.k8s.io
+  name: manager-dev
+---
 # Cluster-wide: create/delete customer namespaces and manage secrets within them
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole