diff --git a/chart/jenkins-operator/templates/_role.yaml b/chart/jenkins-operator/templates/_role.yaml
index 9ff46064..4da31d4e 100644
--- a/chart/jenkins-operator/templates/_role.yaml
+++ b/chart/jenkins-operator/templates/_role.yaml
@@ -1,11 +1,13 @@
 {{ define "jenkins-operator.role" }}
 {{ $namespace := . }}
 ---
-kind: Role
+kind: {{ if eq $namespace "" }}ClusterRole{{ else }}Role{{ end }}
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: jenkins-operator
+{{- if ne $namespace "" }}
 namespace: {{ $namespace }}
+{{- end }}
 rules:
 - apiGroups:
 - apps
@@ -171,4 +173,4 @@ rules:
 - get
 - list
 - watch
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/chart/jenkins-operator/templates/role_binding.yaml b/chart/jenkins-operator/templates/role_binding.yaml
index 23817139..879af247 100644
--- a/chart/jenkins-operator/templates/role_binding.yaml
+++ b/chart/jenkins-operator/templates/role_binding.yaml
@@ -12,7 +12,28 @@ roleRef:
 kind: Role
 name: jenkins-operator
 apiGroup: rbac.authorization.k8s.io
-{{ if ne .Release.Namespace .Values.jenkins.namespace }}
+{{ if eq .Values.jenkins.namespace "" }}
+{{- /*
+# This is a special case when .Values.jenkins.namespace is equal to empty
+# string which leads to WATCH_NAMESPACE env of jenkins-operator to be set to
+# empty string and leads to operator actually watching all namespaces. In this
+# case we need to create clusterrole and clusterrolebinding instead of role and
+# rolebinding
+*/}}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: jenkins-operator
+subjects:
+ - kind: ServiceAccount
+ name: jenkins-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: jenkins-operator
+ apiGroup: rbac.authorization.k8s.io
+{{ else if ne .Release.Namespace .Values.jenkins.namespace }}
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
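Review bot: On the new `kind:` line an empty `$namespace` turns this template into a ClusterRole, so the entire `rules:` list that was written for a single namespace is then granted in every namespace. Most of that list lies outside the hunk (the define runs on to the `{{ end }}` in the next hunk), so each rule should be re-checked for whether it is still acceptable cluster-wide, and a narrower rule set for the cluster case would follow least privilege better. At minimum the escalation should be visible where it happens, e.g. a template comment above `kind:` such as `{{- /* empty $namespace renders a ClusterRole: every rule below then applies in all namespaces */}}`.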
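Review bot: The added ClusterRoleBinding, and the ClusterRole it references, are cluster-scoped objects with the fixed name `jenkins-operator`, so a second release of the chart installed with an empty `jenkins.namespace` would collide with the first. Deriving the name from the release, for example `name: jenkins-operator-{{ .Release.Namespace }}` in `metadata.name` and `roleRef.name` here and in the ClusterRole template, keeps each binding tied to its own ServiceAccount. Separately, `eq .Values.jenkins.namespace ""` matches only a literal empty string; a bare `namespace:` in values is null and may not compare as equal, so `{{ if not .Values.jenkins.namespace }}` is probably the more robust test.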
@@ -27,4 +48,4 @@ roleRef:
 kind: Role
 name: jenkins-operator
 apiGroup: rbac.authorization.k8s.io
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/chart/jenkins-operator/values.yaml b/chart/jenkins-operator/values.yaml
index 60c992cd..dac2d691 100644
--- a/chart/jenkins-operator/values.yaml
+++ b/chart/jenkins-operator/values.yaml
@@ -18,6 +18,7 @@ jenkins:
 # namespace is the namespace where the resources will be deployed
 # It's not recommended to use default namespace
 # Create new namespace for jenkins (called e.g. jenkins)
+ # Note: this affects roles and rolebindings for jenkins operator itself
 namespace: default
 # labels are injected into metadata labels field
@@ -139,7 +140,7 @@ jenkins:
 # slave Jenkins service
 # See https://jenkinsci.github.io/kubernetes-operator/docs/getting-started/latest/schema/#github.com/jenkinsci/kubernetes-operator/pkg/apis/jenkins/v1alpha2.Service for details
 #slaveService:
-
+
 # LivenessProbe for Jenkins Master pod
 livenessProbe:
 failureThreshold: 12
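Review bot: The added `# Note:` line above `namespace: default` does not say what an empty value does, although that is the case this commit introduces. According to the template comment in role_binding.yaml, an empty string makes the operator watch all namespaces, and the chart then renders a ClusterRole and ClusterRoleBinding instead of a Role and RoleBinding. That is a privilege change an installer should see where the value is set; suggest adding `# An empty string makes the operator watch all namespaces and creates a ClusterRole/ClusterRoleBinding instead of a Role/RoleBinding`.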