diff --git a/config/crd/bases/atlas.mongodb.com_atlasdatabaseusers.yaml b/config/crd/bases/atlas.mongodb.com_atlasdatabaseusers.yaml
index ee513ee941..4dede6f140 100644
--- a/config/crd/bases/atlas.mongodb.com_atlasdatabaseusers.yaml
+++ b/config/crd/bases/atlas.mongodb.com_atlasdatabaseusers.yaml
@@ -185,6 +185,10 @@ spec:
                   - type
                   type: object
                 type: array
+              connectionSecrets:
+                additionalProperties:
+                  type: string
+                type: object
               observedGeneration:
                 description: ObservedGeneration indicates the generation of the resource
                   specification that the Atlas Operator is aware of. The Atlas Operator
diff --git a/config/rbac/clusterwide/role.yaml b/config/rbac/clusterwide/role.yaml
index bf21f37a12..41f07577bb 100644
--- a/config/rbac/clusterwide/role.yaml
+++ b/config/rbac/clusterwide/role.yaml
@@ -10,8 +10,12 @@ rules:
   resources:
   - secrets
   verbs:
+  - create
+  - delete
   - get
   - list
+  - patch
+  - update
   - watch
 - apiGroups:
   - atlas.mongodb.com
diff --git a/config/rbac/namespaced/role.yaml b/config/rbac/namespaced/role.yaml
index 34b30c7049..8440ebcb20 100644
--- a/config/rbac/namespaced/role.yaml
+++ b/config/rbac/namespaced/role.yaml
@@ -11,8 +11,12 @@ rules:
   resources:
   - secrets
   verbs:
+  - create
+  - delete
   - get
   - list
+  - patch
+  - update
   - watch
 - apiGroups:
   - atlas.mongodb.com
diff --git a/pkg/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go b/pkg/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go
index fbc2090d17..91ef9e18ed 100644
--- a/pkg/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go
+++ b/pkg/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go
@@ -47,9 +47,11 @@ type AtlasDatabaseUserReconciler struct {
 
 // +kubebuilder:rbac:groups=atlas.mongodb.com,resources=atlasdatabaseusers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=atlas.mongodb.com,resources=atlasdatabaseusers/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups="",resources=secrets,verbs=create;update;patch;delete
 
 // +kubebuilder:rbac:groups=atlas.mongodb.com,namespace=default,resources=atlasdatabaseusers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=atlas.mongodb.com,namespace=default,resources=atlasdatabaseusers/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups="",namespace=default,resources=secrets,verbs=create;update;patch;delete
 
 func (r *AtlasDatabaseUserReconciler) Reconcile(context context.Context, req ctrl.Request) (ctrl.Result, error) {
 	_ = context