diff --git a/charts/site-manager/templates/_helpers.tpl b/charts/site-manager/templates/_helpers.tpl
index cd71e8b4..455c7c57 100644
--- a/charts/site-manager/templates/_helpers.tpl
+++ b/charts/site-manager/templates/_helpers.tpl
@@ -42,3 +42,15 @@ IP addresses used to generate SSL certificate with "Subject Alternative Name" fi
 {{- print ( default 8080 .Values.paasGeoMonitor.config.port ) -}}
 {{- end -}}
+{{/*
+Returns true if RBAC should be created.
+If INFRA_RESTRICTED_ENVIRONMENT is true => return false
+Else => return createClusterAdminEntities (default false)
+*/}}
+{{- define "site-manager.shouldCreateClusterAdminEntities" -}}
+ {{- if and (hasKey .Values "INFRA_RESTRICTED_ENVIRONMENT") .Values.INFRA_RESTRICTED_ENVIRONMENT }}
+ false
+ {{- else }}
+ {{- .Values.createClusterAdminEntities | default false }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/site-manager/templates/cluster-role-binding.yaml b/charts/site-manager/templates/cluster-role-binding.yaml
index 19cdff28..c2591976 100644
--- a/charts/site-manager/templates/cluster-role-binding.yaml
+++ b/charts/site-manager/templates/cluster-role-binding.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.createClusterAdminEntities }}
+{{- if eq (include "site-manager.shouldCreateClusterAdminEntities" .) "true" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -11,4 +11,4 @@ subjects:
 - kind: ServiceAccount
 name: {{ .Values.serviceAccount.name }}
 namespace: {{ .Release.Namespace }}
-{{ end }}
\ No newline at end of file
+{{- end }}
\ No newline at end of file
diff --git a/charts/site-manager/templates/cluster-role.yaml b/charts/site-manager/templates/cluster-role.yaml
index 06410f4a..1cc85182 100644
--- a/charts/site-manager/templates/cluster-role.yaml
+++ b/charts/site-manager/templates/cluster-role.yaml
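Review bot: In `_helpers.tpl`, the restricted branch of `site-manager.shouldCreateClusterAdminEntities` does not return a clean `false`: the `if` action closes with `}}` rather than `-}}`, so the newline and indentation in front of the literal become part of the output. Both callers in this commit compare against `"true"`, so the gate still works, but a later caller that tests for `"false"` would not match; `{{- print "false" -}}` would fix that and follow the `print` style of the helper just above. The doc comment should also state that the result is a string to be checked with `eq … "true"`, because any non-empty `include` result is truthy. It is worth documenting the string-typed cases too: an `INFRA_RESTRICTED_ENVIRONMENT` value of `"false"` is truthy in this `and` and therefore suppresses the cluster-scoped RBAC objects, while only `true` or `"true"` in `createClusterAdminEntities` enables them.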
@@ -1,4 +1,5 @@
-{{ if .Values.createClusterAdminEntities }}
+# shouldCreateClusterAdminEntities = {{ include "site-manager.shouldCreateClusterAdminEntities" . | quote }}
+{{- if eq (include "site-manager.shouldCreateClusterAdminEntities" .) "true" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -25,4 +26,4 @@ rules:
 - apiGroups: ["authentication.k8s.io"]
 resources: ["tokenreviews"]
 verbs: ["create"]
-{{ end }}
+{{- end }}
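Review bot: The added `# shouldCreateClusterAdminEntities = …` line in `cluster-role.yaml` sits above the `if`, so it is rendered on every install, including when the gate is false and the file would otherwise render empty. It reads like leftover debug output, and `cluster-role-binding.yaml` has no equivalent line; I would drop it, or move it below the `{{- if … }}` line so a disabled gate renders nothing from this template. Separately, the context of the second hunk shows this role granting `create` on `tokenreviews`. Assuming the service still needs that permission in a restricted environment, a comment such as `# When INFRA_RESTRICTED_ENVIRONMENT is set, this ClusterRole and its binding must be provisioned outside the chart` would tell operators what is expected of them.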