diff --git a/CHANGELOG.md b/CHANGELOG.md
index ffb06666..a48ab27b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ All notable changes to this project will be documented in this file.
 - Listener controller now listens for ListenerClass updates ([#231]).
 - Propagate `ListenerClass.spec.serviceAnnotations` to the created Services ([#234]).
 - Failing to parse one `Listener`/`ListenerClass` should no longer cause the whole operator to stop functioning ([#238]).
+- Added necessary RBAC permissions for running on Openshift ([#246]).
 
 [#231]: https://github.com/stackabletech/listener-operator/pull/231
 [#232]: https://github.com/stackabletech/listener-operator/pull/232
@@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file.
 [#237]: https://github.com/stackabletech/listener-operator/pull/237
 [#238]: https://github.com/stackabletech/listener-operator/pull/238
 [#244]: https://github.com/stackabletech/listener-operator/pull/244
+[#246]: https://github.com/stackabletech/listener-operator/pull/246
 
 ## [24.7.0] - 2024-07-24
 
diff --git a/deploy/helm/listener-operator/templates/roles.yaml b/deploy/helm/listener-operator/templates/roles.yaml
index bdcc116c..2eda982d 100644
--- a/deploy/helm/listener-operator/templates/roles.yaml
+++ b/deploy/helm/listener-operator/templates/roles.yaml
@@ -118,11 +118,13 @@ rules:
     resources:
       - listeners
       - listeners/status
+      - listeners/finalizers
       - podlisteners
     verbs:
       - patch
       - create
       - delete
+      - update
 {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
   - apiGroups:
     - security.openshift.io
diff --git a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2
similarity index 86%
rename from tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml
rename to tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2
index 50a0ff87..8d2ccfda 100644
--- a/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml
+++ b/tests/templates/kuttl/smoke-nodeport/20-validate-all-ingresses-are-reachable.yaml.j2
@@ -48,6 +48,8 @@ spec:
       containers:
         - name: query-ingresses
           image: docker.stackable.tech/stackable/testing-tools:0.2.0-stackable0.0.0-dev
+# NOTE: Hostname resolution does not work on our OKD clusters, so the command for testing the Hostname is omitted on Openshift. It would be better to omit this entire test value for Openshift but this is not (yet) possible in beku.
+{% if test_scenario['values']['openshift'] == 'true' and test_scenario['values']['addressType'] != "Hostname" %}
           command:
             - bash
             - -euo
@@ -70,6 +72,7 @@ spec:
                 echo Requesting $ADDR should return $pod;
                 curl -s $ADDR | grep $pod;
               done
+{% endif %}
           resources:
             limits:
               cpu: 500m