diff --git a/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml b/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml
index b3f9f08f5..33c43822f 100644
--- a/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml
+++ b/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml
@@ -63,6 +63,7 @@ rules:
   - services
   verbs:
   - create
+{{- if toString .Values.configKubernetes.spilo_privileged | eq "true" }}
 # to run privileged pods
 - apiGroups:
   - extensions
@@ -72,4 +73,5 @@ rules:
   - privileged
   verbs:
   - use
+{{- end }}
 {{ end }}
diff --git a/charts/postgres-operator/templates/clusterrole.yaml b/charts/postgres-operator/templates/clusterrole.yaml
index 165cce7c6..885bad3f7 100644
--- a/charts/postgres-operator/templates/clusterrole.yaml
+++ b/charts/postgres-operator/templates/clusterrole.yaml
@@ -228,7 +228,8 @@ rules:
   verbs:
   - get
   - create
-# to grant privilege to run privileged pods
+{{- if toString .Values.configKubernetes.spilo_privileged | eq "true" }}
+# to run privileged pods
 - apiGroups:
   - extensions
   resources:
@@ -237,4 +238,5 @@ rules:
   - privileged
   verbs:
   - use
+{{- end }}
 {{ end }}
diff --git a/manifests/operator-service-account-rbac.yaml b/manifests/operator-service-account-rbac.yaml
index 1ba5b4d23..f0307f6a0 100644
--- a/manifests/operator-service-account-rbac.yaml
+++ b/manifests/operator-service-account-rbac.yaml
@@ -203,15 +203,15 @@ rules:
   verbs:
   - get
   - create
-# to grant privilege to run privileged pods
-- apiGroups:
-  - extensions
-  resources:
-  - podsecuritypolicies
-  resourceNames:
-  - privileged
-  verbs:
-  - use
+# to grant privilege to run privileged pods (not needed by default)
+#- apiGroups:
+#  - extensions
+#  resources:
+#  - podsecuritypolicies
+#  resourceNames:
+#  - privileged
+#  verbs:
+#  - use
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -265,12 +265,12 @@ rules:
   - services
   verbs:
   - create
-# to run privileged pods
-- apiGroups:
-  - extensions
-  resources:
-  - podsecuritypolicies
-  resourceNames:
-  - privileged
-  verbs:
-  - use
+# to grant privilege to run privileged pods (not needed by default)
+#- apiGroups:
+#  - extensions
+#  resources:
+#  - podsecuritypolicies
+#  resourceNames:
+#  - privileged
+#  verbs:
+#  - use
diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go
index 06b074b4c..83098b8a9 100644
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@@ -453,8 +453,9 @@ func generateContainer(
 		VolumeMounts: volumeMounts,
 		Env:          envVars,
 		SecurityContext: &v1.SecurityContext{
-			Privileged:             &privilegedMode,
-			ReadOnlyRootFilesystem: util.False(),
+			AllowPrivilegeEscalation: &privilegedMode,
+			Privileged:               &privilegedMode,
+			ReadOnlyRootFilesystem:   util.False(),
 		},
 	}
 }