diff --git a/argocd/cluster-resources/argocd/misc.ftl.yaml b/argocd/cluster-resources/argocd/misc.ftl.yaml
index 8cc086deb..e46133870 100644
--- a/argocd/cluster-resources/argocd/misc.ftl.yaml
+++ b/argocd/cluster-resources/argocd/misc.ftl.yaml
@@ -9,7 +9,7 @@ spec:
   project: <#if config.multiTenant.useDedicatedInstance>${tenantName}<#else>cluster-resources</#if>
   destination:
     server: https://kubernetes.default.svc
-    namespace: <#if config.multiTenant.useDedicatedInstance>argocd<#else>${config.application.namePrefix}argocd</#if>
+    namespace: <#if config.multiTenant.useDedicatedInstance>${config.multiTenant.centralArgocdNamespace}<#else>${config.application.namePrefix}argocd</#if>
   source:
     path: misc/
 <#if config.multiTenant.useDedicatedInstance>
diff --git a/src/main/groovy/com/cloudogu/gitops/features/PrometheusStack.groovy b/src/main/groovy/com/cloudogu/gitops/features/PrometheusStack.groovy
index f932352d9..2cf7e2d20 100644
--- a/src/main/groovy/com/cloudogu/gitops/features/PrometheusStack.groovy
+++ b/src/main/groovy/com/cloudogu/gitops/features/PrometheusStack.groovy
@@ -201,7 +201,7 @@ class PrometheusStack extends Feature implements FeatureWithImage {
     }
 
     private String findValidOpenShiftUid() {
-        String uidRange = k8sClient.getAnnotation('namespace', 'monitoring', 'openshift.io/sa.scc.uid-range')
+        String uidRange = k8sClient.getAnnotation('namespace', namespace, 'openshift.io/sa.scc.uid-range')
 
         if (uidRange) {
             log.debug("found UID=${uidRange}")
diff --git a/templates/kubernetes/rbac/argocd-role.ftl.yaml b/templates/kubernetes/rbac/argocd-role.ftl.yaml
index b3dff552f..2737ee1a1 100644
--- a/templates/kubernetes/rbac/argocd-role.ftl.yaml
+++ b/templates/kubernetes/rbac/argocd-role.ftl.yaml
@@ -54,10 +54,13 @@ rules:
     resources: ["roles", "rolebindings"]
     verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
 
+  <#if config.features.secrets.active == true>
   - apiGroups: ["external-secrets.io"]
     resources: ["secretstores", "externalsecrets"]
     verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
-
+  </#if>
+  
+  <#if config.features.monitoring.active == true>
   - apiGroups: [ "monitoring.coreos.com" ]
     resources: [
       "alertmanagers",
@@ -74,4 +77,5 @@ rules:
       "podmonitors",
       "probes"
     ]
-    verbs: [ "create", "delete", "get", "list", "patch", "update", "watch" ]
\ No newline at end of file
+    verbs: [ "create", "delete", "get", "list", "patch", "update", "watch" ]
+  </#if>
\ No newline at end of file