diff --git a/k8s/core/argocd/values.yaml b/k8s/core/argocd/values.yaml index 8fc7cf7..149d8c0 100644 --- a/k8s/core/argocd/values.yaml +++ b/k8s/core/argocd/values.yaml @@ -32,22 +32,19 @@ configs: create: true policy.default: "" policy.csv: | - # Policies for "Minecraft Manager" group - # Access to minecraft application in argocd project - view, edit, sync - p, Minecraft Manager, applications, get, argocd/minecraft, allow - p, Minecraft Manager, applications, update, argocd/minecraft, allow - p, Minecraft Manager, applications, sync, argocd/minecraft, allow - - # Access to actions on minecraft application resources (including restart) - p, Minecraft Manager, applications, action/*, argocd/minecraft, allow - - # Access to minecraft application logs - p, Minecraft Manager, logs, get, argocd/minecraft, allow - - # Bind group to minecraft role - g, Minecraft Manager, role:minecraft - + # Bound OIDC Group and internal role + g, Game Servers Managers, GameServersManagersRole + # Role permissions + p, GameServersManagersRole, applications, get, games/*, allow + p, GameServersManagersRole, applications, update, games/*, allow + p, GameServersManagersRole, applications, sync, games/*, allow + p, GameServersManagersRole, applications, override, games/*, allow + p, GameServersManagersRole, applications, action/*, games/*, allow + p, GameServersManagersRole, exec, create, games/*, allow + p, GameServersManagersRole, logs, get, games/*, allow + p, GameServersManagersRole, applications, delete, games/*, deny + # Admin policy g, ArgoCD Admins, role:admin secret:
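Review bot: The added rule `p, GameServersManagersRole, exec, create, games/*, allow` lets every member of the `Game Servers Managers` OIDC group open a shell in the pods of every application in the `games` project, present and future, which the removed Minecraft policy never granted. A pod shell exposes whatever the container can reach (service-account token, mounted secrets, volumes), so if terminal access is really needed, scope it per application, e.g. `p, GameServersManagersRole, exec, create, games/<APP_NAME>, allow`; it presumably also depends on the web terminal being enabled in the Argo CD config, which this hunk does not show. The `override` rule deserves the same scrutiny, since as far as I know it allows a sync from manifests that did not come from the tracked repository. The trailing `delete ... deny` only has an effect if a member also holds another role that allows delete, because `policy.default` is empty and nothing here grants it. Renaming the role with the conventional prefix, e.g. `role:game-servers-managers`, would avoid an accidental match with an OIDC group literally named `GameServersManagersRole`.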