Argo CD Server Chart Grants Unnecessary patch and delete Permissions on All Resources (*.*)

### Describe the bug

While reviewing the default Argo CD Server RBAC generated by the Helm chart, I noticed that the chart creates a ClusterRole that grants very broad privileges This effectively gives the argocd-server service account patch, delete, get permissions across all API groups and all resource types, which is unnecessarily high and goes beyond the expected scope of the least privilege principal.

### Related helm chart

argo-cd

### Helm chart version

main

### To Reproduce

[[argo-helm/charts/argo-cd/templates/argocd-server/clusterrole.yaml](https://github.com/argoproj/argo-helm/blob/cabe63d2b65ef6708567c249e676fce069815b6d/charts/argo-cd/templates/argocd-server/clusterrole.yaml#L15)](url)

### Expected behavior

- The Argo CD Server should not require patch or delete permissions cluster-wide.

- The Helm chart should ship with a more restrictive default ClusterRole.

- If such permissions are required in specific use cases, they should be optional or documented.

### Screenshots

_No response_

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Argo CD Server Chart Grants Unnecessary patch and delete Permissions on All Resources (.) #3593

Describe the bug

Related helm chart

Helm chart version

To Reproduce

Expected behavior

Screenshots

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Argo CD Server Chart Grants Unnecessary patch and delete Permissions on All Resources (*.*) #3593

Description

Describe the bug

Related helm chart

Helm chart version

To Reproduce

Expected behavior

Screenshots

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Argo CD Server Chart Grants Unnecessary patch and delete Permissions on All Resources (.) #3593