diff --git a/apps/gramo/rbac.tf b/apps/gramo/rbac.tf
index 5d61725..327a13b 100644
--- a/apps/gramo/rbac.tf
+++ b/apps/gramo/rbac.tf
@@ -68,7 +68,7 @@ resource "kubectl_manifest" "gramo_role_bindings" {
 }
 
 resource "kubectl_manifest" "gramo_clusterrole" {
-  count = length(local.sorted-namespaces)>0 ? 1 : 0
+  count = var.cluster-admin ? 0 : 1
   yaml_body  = <<-EOF
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRole
@@ -86,11 +86,14 @@ resource "kubectl_manifest" "gramo_clusterrole" {
     - apiGroups: ["apiextensions.k8s.io"]
       resources: ["customresourcedefinitions"]
       verbs: ["get","list"]
+    - apiGroups: ["vynil.solidite.fr"]
+      resources: ["distribs", "distribs/status"]
+      verbs: ["get","list"]
   EOF
 }
 
 resource "kubectl_manifest" "gramo_clusterrole_bindings" {
-  count = length(local.sorted-namespaces)>0 ? 1 : 0
+  count = var.cluster-admin ? 0 : 1
   yaml_body  = <<-EOF
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
diff --git a/meta/domain-infra/apps.tf b/meta/domain-infra/apps.tf
index 1585a4a..7d11117 100644
--- a/meta/domain-infra/apps.tf
+++ b/meta/domain-infra/apps.tf
@@ -69,8 +69,7 @@ locals {
         volume = merge(local.global-volume, lookup(lookup(var.okd, "storage", {}), "volume", {}))
       })
     })
-    #TODO: remove ce cluster-admin dégeux
-    gramo = merge({"cluster-admin" = true}, local.global,{ for k, v in var.gramo : k => v if !contains(["enable","storage","backups"],k) },{
+    gramo = merge(local.global,{ for k, v in var.gramo : k => v if !contains(["enable","storage","backups"],k) },{
       backups = merge(local.global-backups, lookup(var.gramo, "backups", {}))
       storage = merge({ for k, v in lookup(var.gramo, "storage", {}) : k => v if !contains(["volume"],k) }, {
         volume = merge(local.global-volume, lookup(lookup(var.gramo, "storage", {}), "volume", {}))