diff --git a/deployment/helm/ditto/Chart.yaml b/deployment/helm/ditto/Chart.yaml
index d4ef488ff8..e429161e36 100644
--- a/deployment/helm/ditto/Chart.yaml
+++ b/deployment/helm/ditto/Chart.yaml
@@ -16,7 +16,7 @@ description: |
   A digital twin is a virtual, cloud based, representation of his real world counterpart
   (real world “Things”, e.g. devices like sensors, smart heating, connected cars, smart grids, EV charging stations etc).
 type: application
-version: 3.5.12  # chart version is effectively set by release-job
+version: 3.5.13  # chart version is effectively set by release-job
 appVersion: 3.5.10
 keywords:
   - iot-chart
diff --git a/deployment/helm/ditto/templates/hooks/pod-deletion-cost-cron-job.yaml b/deployment/helm/ditto/templates/hooks/pod-deletion-cost-cron-job.yaml
index 044dc5190e..a2e633f2a8 100644
--- a/deployment/helm/ditto/templates/hooks/pod-deletion-cost-cron-job.yaml
+++ b/deployment/helm/ditto/templates/hooks/pod-deletion-cost-cron-job.yaml
@@ -45,6 +45,9 @@ spec:
           restartPolicy: Never
           containers:
             - name: {{ .Chart.Name }}-pod-deletion-cost-cronjob
+              securityContext:
+                runAsUser: {{ .Values.global.podDeletionCostPatching.user }}
+                runAsGroup: {{  .Values.global.podDeletionCostPatching.group }}
               image: {{ printf "%s:%s" .Values.global.podDeletionCostPatching.image.repository ( default .Values.global.podDeletionCostPatching.image.tag "latest" ) }}
               imagePullPolicy: {{ .Values.global.podDeletionCostPatching.image.pullPolicy }}
               command:
diff --git a/deployment/helm/ditto/values.yaml b/deployment/helm/ditto/values.yaml
index 9304df45a8..63387cd075 100644
--- a/deployment/helm/ditto/values.yaml
+++ b/deployment/helm/ditto/values.yaml
@@ -189,6 +189,10 @@ global:
   # podDeletionCostPatching hold configuration for whether to patch "oldest" members of the Ditto cluster with higher
   #  k8s pod-deletion-cost annotations so that they are downed last when e.g. doing an upgrade
   podDeletionCostPatching:
+    # user defines the user to run the pod-deletion-cost annotation patching job as
+    user: 1000
+    # group defines the group to run the pod-deletion-cost annotation patching job as
+    group: 1000
     # enabled whether the pod-deletion-cost annotation patching should be enabled
     enabled: true
     # annotations defines k8s annotations to add to corresponding jobs