diff --git a/examples/provider-config/provider-config-incluster.yaml b/examples/provider-config/provider-config-incluster.yaml
index f49d686..2c1cce6 100644
--- a/examples/provider-config/provider-config-incluster.yaml
+++ b/examples/provider-config/provider-config-incluster.yaml
@@ -1,8 +1,4 @@
-# Make sure provider-helm has enough permissions to install your chart into cluster
-#
-# You can give admin permissions by running:
-# SA=$(kubectl -n crossplane-system get sa -o name | grep provider-helm | sed -e 's|serviceaccount\/|crossplane-system:|g')
-# kubectl create clusterrolebinding provider-helm-admin-binding --clusterrole cluster-admin --serviceaccount="${SA}"
+## check provider-incluster.yaml for grant access
 apiVersion: helm.crossplane.io/v1beta1
 kind: ProviderConfig
 metadata:
diff --git a/examples/provider-config/provider-incluster.yaml b/examples/provider-config/provider-incluster.yaml
new file mode 100644
index 0000000..af441a3
--- /dev/null
+++ b/examples/provider-config/provider-incluster.yaml
@@ -0,0 +1,32 @@
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-helm
+spec:
+  package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.16.0
+  runtimeConfigRef:
+    apiVersion: pkg.crossplane.io/v1beta1
+    kind: DeploymentRuntimeConfig
+    name: provider-helm
+---
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+  name: provider-helm
+spec:
+  serviceAccountTemplate:
+    metadata:
+      name: provider-helm
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: provider-helm-cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: provider-helm
+    namespace: crossplane-system
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io