diff --git a/assets/thanos-querier/kube-rbac-proxy-secret.yaml b/assets/thanos-querier/kube-rbac-proxy-secret.yaml
index c2e8dacca7..a9957c77fe 100644
--- a/assets/thanos-querier/kube-rbac-proxy-secret.yaml
+++ b/assets/thanos-querier/kube-rbac-proxy-secret.yaml
@@ -15,7 +15,8 @@ stringData:
 config.yaml: |-
 "authorization":
 "resourceAttributes":
- "apiVersion": "metrics.k8s.io/v1beta1"
+ "apiGroup": "metrics.k8s.io"
+ "apiVersion": "v1beta1"
 "namespace": "{{ .Value }}"
 "resource": "pods"
 "rewrites":
diff --git a/jsonnet/components/thanos-querier.libsonnet b/jsonnet/components/thanos-querier.libsonnet
index 583cbeec12..c156c571d8 100644
--- a/jsonnet/components/thanos-querier.libsonnet
+++ b/jsonnet/components/thanos-querier.libsonnet
@@ -144,7 +144,8 @@ function(params)
 },
 },
 resourceAttributes: {
- apiVersion: 'metrics.k8s.io/v1beta1',
+ apiVersion: 'v1beta1',
+ apiGroup: 'metrics.k8s.io',
 resource: 'pods',
 namespace: '{{ .Value }}',
 },
diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go
index 65cd073adc..beec7d1d16 100644
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@@ -29,6 +29,7 @@ import (
 openshiftconfigclientset "github.com/openshift/client-go/config/clientset/versioned"
 openshiftmonitoringclientset "github.com/openshift/client-go/monitoring/clientset/versioned"
 routev1 "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
+ "github.com/openshift/cluster-monitoring-operator/pkg/client"
 "github.com/openshift/cluster-monitoring-operator/pkg/manifests"
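Review bot: Nothing in `resourceAttributes` in jsonnet/components/thanos-querier.libsonnet records why the group and version are now separate keys, so a later cleanup could fold them back into a single `apiVersion` string. As far as I can tell kube-rbac-proxy carries `apiGroup` and `apiVersion` into the access review as separate fields, which would mean the old combined value left the group empty and the check was not made against `metrics.k8s.io`. I would add a comment above the two keys such as `// Keep apiGroup and apiVersion separate: a combined 'group/version' string leaves the API group empty in the authorization check.` The hunk in assets/thanos-querier/kube-rbac-proxy-secret.yaml mirrors the same change and needs no separate note. The enclosing object starts and ends outside the hunk.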
@@ -370,6 +371,49 @@ func (f *Framework) CreateClusterRoleBinding(namespace, serviceAccount, clusterR
 }, nil
 }
+func (f *Framework) CreateRoleBindingFromTypedClusterRole(namespace, serviceAccount string, clusterRole *rbacv1.ClusterRole) (cleanUpFunc, error) {
+ ctx := context.Background()
+
+ clusterRole, err := f.KubeClient.RbacV1().ClusterRoles().Create(ctx, clusterRole, metav1.CreateOptions{})
+ if err != nil {
+ return nil, err
+ }
+
+ roleBinding := &rbacv1.RoleBinding{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("%s-%s", serviceAccount, clusterRole.Name),
+ Labels: map[string]string{
+ E2eTestLabelName: E2eTestLabelValue,
+ },
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: "ServiceAccount",
+ Name: serviceAccount,
+ Namespace: namespace,
+ },
+ },
+ RoleRef: rbacv1.RoleRef{
+ Kind: "ClusterRole",
+ Name: clusterRole.Name,
+ APIGroup: "rbac.authorization.k8s.io",
+ },
+ }
+
+ roleBinding, err = f.KubeClient.RbacV1().RoleBindings(namespace).Create(ctx, roleBinding, metav1.CreateOptions{})
+ if err != nil {
+ return nil, err
+ }
+
+ return func() error {
+ err := f.KubeClient.RbacV1().ClusterRoles().Delete(ctx, clusterRole.Name, metav1.DeleteOptions{})
+ if err != nil {
+ return err
+ }
+ return f.KubeClient.RbacV1().RoleBindings(namespace).Delete(ctx, roleBinding.Name, metav1.DeleteOptions{})
+ }, nil
+}
+
 func (f *Framework) CreateRoleBindingFromClusterRole(namespace, serviceAccount, clusterRole string) (cleanUpFunc, error) {
 ctx := context.Background()
 roleBinding := &rbacv1.RoleBinding{
diff --git a/test/e2e/user_workload_monitoring_test.go b/test/e2e/user_workload_monitoring_test.go
index 27e68644ac..47f85022a0 100644
--- a/test/e2e/user_workload_monitoring_test.go
+++ b/test/e2e/user_workload_monitoring_test.go
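Review bot: In `CreateRoleBindingFromTypedClusterRole` (test/e2e/framework/framework.go) a failed `RoleBindings(namespace).Create` returns without removing the ClusterRole created a few lines earlier, so a cluster-scoped role is left behind and a retry of the helper would presumably fail on the already existing role. The returned cleanup has a related gap: it returns as soon as the ClusterRole delete fails and never removes the RoleBinding. I would delete the role on the binding error path, and have the cleanup remove the binding first and attempt both deletes. The ClusterRole also does not receive the `E2eTestLabelName` label that the RoleBinding carries, and the exported method has no doc comment.

```go
	// … unchanged: ClusterRole creation and roleBinding literal …

	roleBinding, err = f.KubeClient.RbacV1().RoleBindings(namespace).Create(ctx, roleBinding, metav1.CreateOptions{})
	if err != nil {
		// The binding failed: remove the cluster-scoped role so it is not leaked and a retry can recreate it.
		if delErr := f.KubeClient.RbacV1().ClusterRoles().Delete(ctx, clusterRole.Name, metav1.DeleteOptions{}); delErr != nil {
			return nil, fmt.Errorf("creating role binding: %v (removing cluster role %q: %v)", err, clusterRole.Name, delErr)
		}
		return nil, err
	}

	return func() error {
		// Drop the binding first so access is revoked even if the role delete fails; attempt both.
		bindingErr := f.KubeClient.RbacV1().RoleBindings(namespace).Delete(ctx, roleBinding.Name, metav1.DeleteOptions{})
		roleErr := f.KubeClient.RbacV1().ClusterRoles().Delete(ctx, clusterRole.Name, metav1.DeleteOptions{})
		if bindingErr != nil {
			return bindingErr
		}
		return roleErr
	}, nil
```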
@@ -26,15 +26,17 @@ import (
 "time"
 "github.com/Jeffail/gabs"
- "github.com/openshift/cluster-monitoring-operator/test/e2e/framework"
 "github.com/pkg/errors"
 monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 appsv1 "k8s.io/api/apps/v1"
 v1 "k8s.io/api/core/v1"
+ rbacv1 "k8s.io/api/rbac/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/wait"
 "k8s.io/client-go/util/cert"
+
+ "github.com/openshift/cluster-monitoring-operator/test/e2e/framework"
 )
 type scenario struct {
@@ -533,7 +535,18 @@ func assertTenancyForMetrics(t *testing.T) {
 // Grant enough permissions to the account so it can read metrics.
 err = framework.Poll(2*time.Second, 10*time.Second, func() error {
- _, err = f.CreateRoleBindingFromClusterRole(userWorkloadTestNs, testAccount, "admin")
+ _, err = f.CreateRoleBindingFromTypedClusterRole(userWorkloadTestNs, testAccount, &rbacv1.ClusterRole{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "tenancy-test-metrics",
+ },
+ Rules: []rbacv1.PolicyRule{
+ {
+ APIGroups: []string{"metrics.k8s.io"},
+ Resources: []string{"pods"},
+ Verbs: []string{"get"},
+ },
+ },
+ })
 return err
 })
 if err != nil {
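Review bot: The cleanup function returned by `f.CreateRoleBindingFromTypedClusterRole` in `assertTenancyForMetrics` is discarded with `_`, and unlike the previous call this one creates a cluster-scoped ClusterRole (`tenancy-test-metrics`) that removing the test namespace will not delete. Because the call sits inside `framework.Poll`, a second poll attempt or a rerun against the same cluster would presumably fail on the existing role. I would declare `var cleanUp func() error` before the poll, assign `cleanUp, err = f.CreateRoleBindingFromTypedClusterRole(...)` inside it, and register `t.Cleanup(func() { _ = cleanUp() })` once the poll succeeds. The function body continues outside the hunk, so I cannot see whether a negative case exists; asserting that an account allowed only to `get` core `pods` is refused would pin the authorization behaviour this commit appears to fix.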