diff --git a/charts/nginx-ingress/Chart.yaml b/charts/nginx-ingress/Chart.yaml
index f1211c198f..da1aaa3a18 100644
--- a/charts/nginx-ingress/Chart.yaml
+++ b/charts/nginx-ingress/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nginx-ingress
-version: 1.3.0
+version: 1.4.0
 appVersion: 3.6.0
 kubeVersion: ">= 1.23.0-0"
 type: application
diff --git a/charts/nginx-ingress/README.md b/charts/nginx-ingress/README.md
index faa396a974..97beb9016e 100644
--- a/charts/nginx-ingress/README.md
+++ b/charts/nginx-ingress/README.md
@@ -473,6 +473,8 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 |`controller.telemetryReporting.enable` | Enable telemetry reporting. | true |
 |`controller.enableWeightChangesDynamicReload` | Enable weight changes without reloading the NGINX configuration. May require increasing `map_hash_bucket_size`, `map_hash_max_size`, `variable_hash_bucket_size`, and `variable_hash_max_size` in the [ConfigMap](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) if there are many two-way splits. Requires `controller.nginxplus` | false |
 |`rbac.create` | Configures RBAC. | true |
+|`rbac.clusterrole.create` | Configures creation of ClusterRole. Creation can be disabled when more fine-grained control over RBAC is required. For example when controller.watchNamespace is used. | true |
+|`rbac.clusterrolebinding.create` | Configures creation of ClusterRoleBinding. Creation can be disabled when more fine-grained control over RBAC is required. For example when controller.watchNamespace is used.  | true |
 |`prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | true |
 |`prometheus.port` | Configures the port to scrape the metrics. | 9113 |
 |`prometheus.scheme` | Configures the HTTP scheme to use for connections to the Prometheus endpoint. | http |
diff --git a/charts/nginx-ingress/templates/clusterrole.yaml b/charts/nginx-ingress/templates/clusterrole.yaml
index c188603921..42566f9e47 100644
--- a/charts/nginx-ingress/templates/clusterrole.yaml
+++ b/charts/nginx-ingress/templates/clusterrole.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.rbac.create }}
+{{- if and .Values.rbac.create .Values.rbac.clusterrole.create }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
diff --git a/charts/nginx-ingress/templates/clusterrolebiding.yaml b/charts/nginx-ingress/templates/clusterrolebiding.yaml
index ed06c48ccb..2942b65497 100644
--- a/charts/nginx-ingress/templates/clusterrolebiding.yaml
+++ b/charts/nginx-ingress/templates/clusterrolebiding.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.rbac.create }}
+{{- if and .Values.rbac.create .Values.rbac.clusterrolebinding.create }}
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml
index 48ecaaf928..b749e60888 100644
--- a/charts/nginx-ingress/values.yaml
+++ b/charts/nginx-ingress/values.yaml
@@ -501,6 +501,14 @@ rbac:
   ## Configures RBAC.
   create: true
 
+  clusterrole:
+    ## Create ClusterRole
+    create: true
+
+  clusterrolebinding:
+    ## Create ClusterRoleBinding
+    create: true
+
 prometheus:
   ## Expose NGINX or NGINX Plus metrics in the Prometheus format.
   create: true
diff --git a/docs/content/installation/installing-nic/installation-with-helm.md b/docs/content/installation/installing-nic/installation-with-helm.md
index 6ce206d878..44437e9101 100644
--- a/docs/content/installation/installing-nic/installation-with-helm.md
+++ b/docs/content/installation/installing-nic/installation-with-helm.md
@@ -430,6 +430,8 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
 | **controller.telemetryReporting.enable** | Enable telemetry reporting. | true |
 | **controller.enableWeightChangesDynamicReload** | Enable weight changes without reloading the NGINX configuration. May require increasing `map_hash_bucket_size`, `map_hash_max_size`, `variable_hash_bucket_size`, and `variable_hash_max_size` in the [ConfigMap](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) if there are many two-way splits. Requires `controller.nginxplus` | false |
 | **rbac.create** | Configures RBAC. | true |
+| **rbac.clusterrole.create** | Configures creation of ClusterRole. Creation can be disabled when more fine-grained control over RBAC is required. For example when controller.watchNamespace is used. | true |
+| **rbac.clusterrolebinding.create** | Configures creation of ClusterRoleBinding. Creation can be disabled when more fine-grained control over RBAC is required. For example when controller.watchNamespace is used. | true |
 | **prometheus.create** | Expose NGINX or NGINX Plus metrics in the Prometheus format. | true |
 | **prometheus.port** | Configures the port to scrape the metrics. | 9113 |
 | **prometheus.scheme** | Configures the HTTP scheme to use for connections to the Prometheus endpoint. | http |