diff --git a/base/api/rbac/cluster-role.yaml b/base/api/rbac/cluster-role.yaml
index 8384c7b..c9937b4 100644
--- a/base/api/rbac/cluster-role.yaml
+++ b/base/api/rbac/cluster-role.yaml
@@ -3,6 +3,7 @@ kind: ClusterRole
 metadata:
   name: server-creator-clusterrole
 rules:
+  # Nodes are cluster-scoped — patch needed for game server node labeling
   - apiGroups:
       - ''
     resources:
@@ -11,47 +12,12 @@ rules:
       - get
       - list
       - patch
-  - apiGroups:
-      - ''
-    resources:
-      - persistentvolumeclaims
-    verbs:
-      - create
-      - get
-      - list
-      - watch
-      - delete
+  # PVs are cluster-scoped — read-only for monitoring storage
   - apiGroups:
       - ''
     resources:
       - persistentvolumes
     verbs:
-      - create
       - get
       - list
       - watch
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-      - jobs/status
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - ''
-    resources:
-      - pods
-      - pods/log
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-    verbs:
-      - patch
\ No newline at end of file
diff --git a/base/api/rbac/role.yaml b/base/api/rbac/role.yaml
index 4336cc5..9ad6b74 100644
--- a/base/api/rbac/role.yaml
+++ b/base/api/rbac/role.yaml
@@ -45,10 +45,27 @@ rules:
     verbs:
       - create
       - get
+  - apiGroups:
+      - ''
+    resources:
+      - pods/log
+    verbs:
+      - get
+  - apiGroups:
+      - ''
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - delete
   - apiGroups:
       - 'batch'
     resources:
       - jobs
+      - jobs/status
     verbs:
       - create
       - get
@@ -70,4 +87,5 @@ rules:
       - get
       - list
       - watch
+      - patch
       - delete
\ No newline at end of file
diff --git a/base/game-server-node-connector/daemonset.yaml b/base/game-server-node-connector/daemonset.yaml
index abe7598..7f743c0 100644
--- a/base/game-server-node-connector/daemonset.yaml
+++ b/base/game-server-node-connector/daemonset.yaml
@@ -80,9 +80,6 @@ spec:
             - name: cpu-sys
               mountPath: /host-cpu
               readOnly: true
-            - name: mem-sys
-              mountPath: /host-mem
-              readOnly: true
       volumes:
         - name: server-files
           hostPath:
@@ -114,6 +111,3 @@ spec:
         - name: cpu-sys
           hostPath:
             path: /sys/devices/system/cpu/
-        - name: mem-sys
-          hostPath:
-            path: /dev/mem
\ No newline at end of file