diff --git a/pkg/cmd/install/hubaddon/scenario/addon/policy/addon-controller_clusterrole.yaml b/pkg/cmd/install/hubaddon/scenario/addon/policy/addon-controller_clusterrole.yaml index ffe8fc35b..cb73575ae 100644 --- a/pkg/cmd/install/hubaddon/scenario/addon/policy/addon-controller_clusterrole.yaml +++ b/pkg/cmd/install/hubaddon/scenario/addon/policy/addon-controller_clusterrole.yaml @@ -6,6 +6,14 @@ metadata: app: governance-policy-addon-controller name: policy-addon-ctrl-manager-role rules: + - apiGroups: + - addon.open-cluster-management.io + resources: + - addondeploymentconfigs + verbs: + - get + - list + - watch - apiGroups: - addon.open-cluster-management.io resources: @@ -93,6 +101,14 @@ rules: - get - list - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - list + - watch - apiGroups: - coordination.k8s.io resources: @@ -123,6 +139,14 @@ rules: - patch - update - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - "" resourceNames: diff --git a/pkg/cmd/install/hubaddon/scenario/addon/policy/policy.open-cluster-management.io_policyautomations.yaml b/pkg/cmd/install/hubaddon/scenario/addon/policy/policy.open-cluster-management.io_policyautomations.yaml index e568a0f4f..02bf356c2 100644 --- a/pkg/cmd/install/hubaddon/scenario/addon/policy/policy.open-cluster-management.io_policyautomations.yaml +++ b/pkg/cmd/install/hubaddon/scenario/addon/policy/policy.open-cluster-management.io_policyautomations.yaml @@ -54,11 +54,11 @@ spec: job minLength: 1 type: string - policyViolationContextLimit: + policyViolationsLimit: description: The maximum number of violating cluster contexts that will be provided to the Ansible job as extra variables. - When policyViolationContextLimit is set to 0, it means no limit. - The default value is 1000. + When policyViolationsLimit is set to 0, it means no limit. The + default value is 1000. minimum: 0 type: integer secret: 
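Review bot: In the third hunk of addon-controller_clusterrole.yaml (`@@ -123,6 +139,14 @@`), the new core-group rule grants `get`/`list`/`watch` on `pods` with no `resourceNames`. Because it sits in a ClusterRole, it covers every namespace if it is bound through a ClusterRoleBinding (the binding is not visible in this diff). Pod specs expose environment values, referenced secret names and service-account names, so cluster-wide pod read deserves a stated reason. If the controller only needs pods in its own namespace, a namespaced Role would be tighter; otherwise add a comment above the rule such as `# pods (read-only): <why the controller needs this cluster-wide>`.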
diff --git a/pkg/cmd/install/hubaddon/scenario/addon/policy/propagator_clusterrole.yaml b/pkg/cmd/install/hubaddon/scenario/addon/policy/propagator_clusterrole.yaml
index 5fde84467..5da55241c 100644
--- a/pkg/cmd/install/hubaddon/scenario/addon/policy/propagator_clusterrole.yaml
+++ b/pkg/cmd/install/hubaddon/scenario/addon/policy/propagator_clusterrole.yaml
@@ -4,6 +4,14 @@ kind: ClusterRole
 metadata:
 name: governance-policy-propagator
 rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - apps.open-cluster-management.io
 resources:
@@ -22,6 +30,14 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - config.openshift.io
+ resourceNames:
+ - cluster
+ resources:
+ - dnses
+ verbs:
+ - get
 - apiGroups:
 - ""
 resources:
@@ -52,12 +68,6 @@ rules:
 - secrets
 verbs:
 - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
 - apiGroups:
 - ""
 resourceNames:
@@ -66,6 +76,7 @@ rules:
 - secrets
 verbs:
 - get
+ - list
 - update
 - watch
 - apiGroups:
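Review bot: The first hunk of propagator_clusterrole.yaml (`@@ -4,6 +4,14 @@`) adds a rule with `apiGroups: ['*']` and `resources: ['*']` for `get`/`list`/`watch`, which lets the propagator's service account read every resource type in the cluster, Secrets included. RBAC rules are additive, so this also cancels the narrowing in the `@@ -52,12 +68,6 @@` hunk: the `get`, `list` and `watch` verbs dropped from the unnamed `secrets` rule are granted back by the wildcard. The reason for the wildcard is not visible in this diff. If it supports lookups of arbitrary objects, list the API groups and resources actually needed, or at least keep `secrets` out of the broad rule. Either way, state the intent in a comment above the rule, since a leaked propagator token would otherwise expose all Secrets cluster-wide.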
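Review bot: In the last hunk of propagator_clusterrole.yaml (`@@ -66,6 +76,7 @@`), `list` is added to a `secrets` rule that is restricted by `resourceNames`. Kubernetes authorizes a `list` against such a rule only when the request carries a matching `metadata.name` field selector, so an unfiltered list would not be allowed by this rule alone. The rule begins above the hunk, so the names it is limited to are not visible here. Please confirm the client lists with that field selector, and record it in a comment such as `# list/watch are only authorized with a metadata.name field selector`.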