diff --git a/helm/flowfuse/templates/service-account.yaml b/helm/flowfuse/templates/service-account.yaml
index 19712029..e97cb2bb 100644
--- a/helm/flowfuse/templates/service-account.yaml
+++ b/helm/flowfuse/templates/service-account.yaml
@@ -30,11 +30,11 @@ metadata:
   {{- end }}
 
 ---
-
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   name: {{ ((.Values.forge).clusterRole).name | default "create-pod" }}
+  namespace: {{ .Values.forge.projectNamespace | default "flowforge" }}
   labels:
   {{- include "forge.labels" . | nindent 4 }}
 rules:
@@ -63,7 +63,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name:  {{ ((.Values.forge).clusterRole).name | default "create-pod" }}
+  name:  {{ ((.Values.forge).clusterRole).name | default "create-pod-limited" }}
   namespace: {{ .Values.forge.projectNamespace }}
   labels:
   {{- include "forge.labels" . | nindent 4 }}
@@ -72,6 +72,6 @@ subjects:
   name: flowforge
   namespace: {{ .Release.Namespace }}
 roleRef:
-  kind: ClusterRole
+  kind: Role
   name:  {{ ((.Values.forge).clusterRole).name | default "create-pod" }}
   apiGroup: rbac.authorization.k8s.io