diff --git a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml
index 30695fd89c..bfb84c542a 100644
--- a/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml
+++ b/deploy/aos-olm/manifests/0.6.0/files/08-ocs.configmap.yaml
@@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, 
"serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -7147,9 +7147,6 @@ data: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml index 12587d5477..86a0977c26 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated-edit.clusterrole.yaml @@ -10,5 +10,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["*"] \ No newline at end of file + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml deleted file mode 100644 index 9b30697e5a..0000000000 
--- a/deploy/aos-olm/manifests/0.6.0/files/20-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/20-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["get", "list", "watch"] diff --git a/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml b/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml index c52735f90b..2589e9f42b 100644 --- a/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml +++ b/deploy/aos-olm/manifests/0.6.0/files/21-aggregated-view.clusterrole.yaml @@ -9,5 +9,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml b/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml index 6ee0ab05f9..ae7fe9f851 100644 --- a/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml +++ b/deploy/aos-olm/manifests/0.6.0/tasks/install.yaml 
@@ -116,15 +116,6 @@ files: - "{{ mktemp.stdout }}/20-aggregated-edit.clusterrole.yaml" -- name: Apply aggregate-olm-edit ClusterRole manifest - oc_obj: - state: present - kind: ClusterRole - name: aggregate-olm-edit - namespace: operator-lifecycle-manager - files: - - "{{ mktemp.stdout }}/20-aggregated.clusterrole.yaml" - - name: Apply aggregate-olm-view ClusterRole manifest oc_obj: state: present diff --git a/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml b/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml index 93c5e3a509..ee8d5a647f 100644 --- a/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml +++ b/deploy/aos-olm/manifests/0.6.0/tasks/remove_components.yaml @@ -76,13 +76,6 @@ name: aggregate-olm-edit namespace: operator-lifecycle-manager -- name: Remove aggregate-olm-edit ClusterRole manifest - oc_obj: - state: absent - kind: ClusterRole - name: aggregate-olm-edit - namespace: operator-lifecycle-manager - - name: Remove aggregate-olm-view ClusterRole manifest oc_obj: state: absent diff --git a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml index 2d5fd917c6..dfd016fb76 100644 --- a/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml +++ b/deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml 
@@ -7,7 +7,7 @@ metadata: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, 
"serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -192,9 +192,6 @@ spec: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: diff --git a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml index 9c1b6dc4d6..5c6ec260c9 100644 --- a/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml +++ b/deploy/chart/templates/20-aggregated-edit.clusterrole.yaml @@ -8,5 +8,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["*"] \ No newline at end of file + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/chart/templates/21-aggregated-view.clusterrole.yaml b/deploy/chart/templates/21-aggregated-view.clusterrole.yaml index 3ca9c61fb6..4a251182e6 100644 --- a/deploy/chart/templates/21-aggregated-view.clusterrole.yaml +++ b/deploy/chart/templates/21-aggregated-view.clusterrole.yaml 
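Review bot: After this commit neither the operator Deployment nor the example in prometheusoperator.0.22.2.clusterserviceversion.yaml states a non-root requirement: the `alm-examples` Prometheus spec gains `"securityContext": {}` and the `@@ -192,9 +192,6 @@` hunk of the same file removes `runAsNonRoot: true` / `runAsUser: 65534` from the pod spec. If the reason is a platform that assigns its own UID (the page does not say), dropping only `runAsUser: 65534` and keeping `runAsNonRoot: true` would retain the guard, provided the image's user is numeric or the platform sets one. The empty `securityContext` in the example presumably switches off the operator's default pod security context, and anyone copying the example inherits that, so the reason belongs in the CSV description or the commit message. The new `alm-examples` value also appears to be split over two physical lines after `{},`, unlike the single line it replaces. The same changes recur in the 08-ocs.configmap.yaml copies under deploy/aos-olm and deploy/upstream.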
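Review bot: In deploy/chart/templates/20-aggregated-edit.clusterrole.yaml the narrowed rule still gives every holder of the aggregated edit role (per the `aggregate-to-edit` label in the hunk context) `create`, `update` and `patch` on `clusterserviceversions`, `catalogsources` and `installplans`. Those objects determine what OLM installs under its own service account, so write access to them may amount to more than namespace-edit privilege; it is worth confirming this is intended, or restricting the write verbs to `resources: ["subscriptions"]` and leaving the other three read-only. The explicit resource list is also duplicated in 21-aggregated-view.clusterrole.yaml and in the copies under deploy/aos-olm and deploy/upstream, so a resource added to `operators.coreos.com` later must be added in each; a comment above `resources:` such as `# keep in sync with the operators.coreos.com CRDs` would make that visible.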
@@ -7,5 +7,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml b/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml index 7e7c9b9452..edffc8a1a0 100644 --- a/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml +++ b/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml 
@@ -6962,7 +6962,7 @@ data: namespace: placeholder annotations: tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' + alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, 
"serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' spec: replaces: prometheusoperator.0.15.0 displayName: Prometheus @@ -7147,9 +7147,6 @@ data: readOnlyRootFilesystem: true nodeSelector: beta.kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 maturity: alpha version: 0.22.2 customresourcedefinitions: diff --git a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml index 12587d5477..86a0977c26 100644 --- a/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml +++ b/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml @@ -10,5 +10,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] - verbs: ["*"] \ No newline at end of file + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml b/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml index c52735f90b..2589e9f42b 100644 --- a/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml 
+++ b/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml @@ -9,5 +9,5 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["operators.coreos.com"] - resources: ["*"] + resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] verbs: ["get", "list", "watch"] diff --git a/test/e2e/installplan_e2e_test.go b/test/e2e/installplan_e2e_test.go index 97a0ed9cd5..670defab9c 100644 --- a/test/e2e/installplan_e2e_test.go +++ b/test/e2e/installplan_e2e_test.go @@ -23,7 +23,7 @@ import ( const ( etcdVersion = "3.2.13" - prometheusVersion = "v1.7.0" + prometheusVersion = "v2.3.2" expectedEtcdNodes = 3 expectedPrometheusSize = 3 ocsConfigMap = "ocs" diff --git a/test/e2e/ocs_e2e_test.go b/test/e2e/ocs_e2e_test.go index fd7cc41306..63aee5d0e8 100644 --- a/test/e2e/ocs_e2e_test.go +++ b/test/e2e/ocs_e2e_test.go @@ -305,13 +305,13 @@ func TestInstallPrometheusOCS(t *testing.T) { "labels": map[string]interface{}{"prometheus": "test-prometheus"}, }, "spec": map[string]interface{}{ - "replicas": expectedPrometheusSize, - "version": prometheusVersion, + "replicas": expectedPrometheusSize, + "version": prometheusVersion, + "securityContext": struct{}{}, }, } t.Run("test prometheus object creation", func(t *testing.T) { - t.Skip("skipping prometheus object verification - currently broken") err = c.CreateCustomResource(&unstructured.Unstructured{Object: prometheus}) require.NoError(t, err)
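Review bot: `"securityContext": struct{}{}` in test/e2e/ocs_e2e_test.go places a Go struct value in the map handed to `unstructured.Unstructured`, whose content is expected to be JSON-style values (maps, slices, strings, numbers, bools); it marshals to `{}`, but helpers such as `DeepCopy` may panic on it. `"securityContext": map[string]interface{}{},` expresses the same empty object in the supported form. Because the hunk also removes the `t.Skip`, a one-line comment on the new key saying why an empty context is needed (presumably to override the operator's default, judging by the CSV change) would keep a later reader from deleting it. TestInstallPrometheusOCS begins and continues outside the hunk.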