diff --git a/charts/ace/templates/console-importer/rbac.yaml b/charts/ace/templates/console-importer/rbac.yaml
new file mode 100644
index 000000000..c2a2dbedc
--- /dev/null
+++ b/charts/ace/templates/console-importer/rbac.yaml
@@ -0,0 +1,69 @@
+# This gives necessary permission to self-import cluster
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "ace.fullname" . }}-importer
+  # namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ace.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - cloud.bytebuilders.dev
+  - cluster.bytebuilders.dev
+  - products.x-helm.dev
+  - trickstercache.org
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - helm.toolkit.fluxcd.io
+  - source.toolkit.fluxcd.io
+  - ui.k8s.appscode.com
+  - apiextensions.k8s.io
+  - authorization.k8s.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - namespaces
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - list
+  - get
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "ace.fullname" . }}-importer
+  # namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ace.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "ace.fullname" . }}-importer
+subjects:
+- kind: ServiceAccount
+  name: {{ include "appscode.serviceAccountName" . }}-importer
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/ace/templates/console-importer/serviceaccount.yaml b/charts/ace/templates/console-importer/serviceaccount.yaml
new file mode 100644
index 000000000..417449e10
--- /dev/null
+++ b/charts/ace/templates/console-importer/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "appscode.serviceAccountName" . }}-importer
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ace.labels" . | nindent 4 }}
+  {{- with .Values.global.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
diff --git a/charts/ace/templates/platform/setup-job.yaml b/charts/ace/templates/platform/setup-job.yaml
index 714a71108..c34693109 100644
--- a/charts/ace/templates/platform/setup-job.yaml
+++ b/charts/ace/templates/platform/setup-job.yaml
@@ -36,6 +36,7 @@ spec:
             {{- if eq .Values.global.platform.deploymentType "Hosted" }}
             - --create-nats-stream
             {{- end }}
+            # - --importer-service-account={{ include "appscode.serviceAccountName" . }}-importer
           # ports:
           #   - name: http
           #     containerPort: 3000