diff --git a/bundle/bundle.yaml b/bundle/bundle.yaml
index 1d45d68..0461dec 100644
--- a/bundle/bundle.yaml
+++ b/bundle/bundle.yaml
@@ -1,6 +1,8 @@
 apiVersion: "1"
-version: "1"
+version: "2"
 id: "cloudbees-ci-nb-dev-controller"
 description: "CloudBees CI configuration bundle for the cloudbees-ci-nb dev-controller Controller"
 availabilityPattern: "cloudbees-ci-casc-workshop/cloudbees-ci-nb/dev-controller"
 parent: "base"
+rbac:
+  - "rbac.yaml"
diff --git a/bundle/rbac.yaml b/bundle/rbac.yaml
new file mode 100644
index 0000000..b002395
--- /dev/null
+++ b/bundle/rbac.yaml
@@ -0,0 +1,39 @@
+removeStrategy:
+  rbac: SYNC
+roles:
+- name: authenticated
+  filterable: 'true'
+  permissions:
+  - hudson.model.Hudson.Read
+  - hudson.model.Item.Read
+  - hudson.model.View.Read
+- name: administrator
+  permissions:
+  - hudson.model.Hudson.Administer
+- name: manager
+  filterable: 'true'
+  permissions:
+  - hudson.model.Hudson.SystemRead
+  - hudson.model.Hudson.Manage
+  - com.cloudbees.plugins.credentials.CredentialsProvider.View
+  - com.cloudbees.pipeline.governance.templates.catalog.TemplateCatalogAction.ViewCatalogs
+  - com.cloudbees.jenkins.plugin.metrics.views.Alerter.View
+  - nectar.plugins.rbac.groups.Group.View
+  - nectar.plugins.rbac.roles.Role.View
+groups:
+- name: controller-admins
+  members:
+    users:
+    - admin
+    - team-admin
+    - "kodalo-admin"
+  roles:
+  - name: administrator
+    grantedAt: current
+- name: controller-managers
+  members:
+    users:
+    - "kodalo"
+  roles:
+  - name: manager
+    grantedAt: current