diff --git a/config/config-defaults-triggers.yaml b/config/config-defaults-triggers.yaml
index a438cf81f..83ffa17a2 100644
--- a/config/config-defaults-triggers.yaml
+++ b/config/config-defaults-triggers.yaml
@@ -42,3 +42,4 @@ data:
   default-service-account: "default"
   default-run-as-user: "65532"
   default-run-as-group: "65532"
+  default-run-as-non-root: "true" # allowed values are true and false
diff --git a/pkg/apis/config/default.go b/pkg/apis/config/default.go
index 7d9e52997..21e7c3691 100644
--- a/pkg/apis/config/default.go
+++ b/pkg/apis/config/default.go
@@ -28,9 +28,11 @@ const (
 	defaultServiceAccountKey = "default-service-account"
 	defaultRunAsUserKey = "default-run-as-user"
 	defaultRunAsGroupKey = "default-run-as-group"
+	defaultRunAsNonRootKey = "default-run-as-non-root"
 	DefaultServiceAccountValue = "default"
 	defaultRunAsUserValue = 65532
 	defaultRunAsGroupValue = 65532
+	defaultRunAsNonRootValue = true
 )
 
 // Defaults holds the default configurations
@@ -39,6 +41,11 @@ type Defaults struct {
 	DefaultServiceAccount string
 	DefaultRunAsUser int64
 	DefaultRunAsGroup int64
+	DefaultRunAsNonRoot bool
+	// These two fields are used to decide whether to configure
+	// runAsUser and runAsGroup within a Security Context Constraint (SCC).
+	IsDefaultRunAsUserEmpty bool
+	IsDefaultRunAsGroupEmpty bool
 }
 
 // GetDefaultsConfigName returns the name of the configmap containing all
@@ -62,7 +69,8 @@ func (cfg *Defaults) Equals(other *Defaults) bool {
 
 	return other.DefaultServiceAccount == cfg.DefaultServiceAccount &&
 		other.DefaultRunAsUser == cfg.DefaultRunAsUser &&
-		other.DefaultRunAsGroup == cfg.DefaultRunAsGroup
+		other.DefaultRunAsGroup == cfg.DefaultRunAsGroup &&
+		other.DefaultRunAsNonRoot == cfg.DefaultRunAsNonRoot
 }
 
 // NewDefaultsFromMap returns a Config given a map corresponding to a ConfigMap
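Review bot: Equals in the @@ -62 hunk compares the new DefaultRunAsNonRoot field but not the IsDefaultRunAsUserEmpty and IsDefaultRunAsGroupEmpty fields added to the struct in the @@ -39 hunk, so two Defaults that differ only in whether the UID/GID are pinned compare equal. If Equals is what decides whether a reloaded config is applied (its callers are outside this diff), changing default-run-as-user from "65532" to "" would go unnoticed, and that is precisely the setting that removes the UID pin from the container's security context. Suggest extending the expression with `other.IsDefaultRunAsUserEmpty == cfg.IsDefaultRunAsUserEmpty &&` and `other.IsDefaultRunAsGroupEmpty == cfg.IsDefaultRunAsGroupEmpty`. Separately, the struct comment in the @@ -39 hunk says the two flags govern a Security Context Constraint (SCC), while the only consumer visible here (container.go) writes a corev1.SecurityContext; `// runAsUser and runAsGroup on the container's SecurityContext.` would match the code. The body of Equals begins above the hunk.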
@@ -71,6 +79,7 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) {
 		DefaultServiceAccount: DefaultServiceAccountValue,
 		DefaultRunAsUser: defaultRunAsUserValue,
 		DefaultRunAsGroup: defaultRunAsGroupValue,
+		DefaultRunAsNonRoot: defaultRunAsNonRootValue,
 	}
 
 	if defaultServiceAccount, ok := cfgMap[defaultServiceAccountKey]; ok {
@@ -78,29 +87,45 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) {
 	}
 
 	if defaultRunAsUser, ok := cfgMap[defaultRunAsUserKey]; ok {
-		if defaultRunAsUser == "" {
-			tc.DefaultRunAsUser = 0
-		} else {
+		if defaultRunAsUser != "" {
 			runAsUser, err := strconv.ParseInt(defaultRunAsUser, 10, 0)
 			if err != nil {
 				return nil, fmt.Errorf("failed parsing runAsUser config %q", defaultRunAsUser)
 			}
 			tc.DefaultRunAsUser = runAsUser
+		} else {
+			// if runAsUser is "" don't set runAsUser in SCC
+			tc.IsDefaultRunAsUserEmpty = true
 		}
 	}
 
 	if defaultRunAsGroup, ok := cfgMap[defaultRunAsGroupKey]; ok {
-		if defaultRunAsGroup == "" {
-			tc.DefaultRunAsGroup = 0
-		} else {
+		if defaultRunAsGroup != "" {
 			runAsGroup, err := strconv.ParseInt(defaultRunAsGroup, 10, 0)
 			if err != nil {
-				return nil, fmt.Errorf("failed parsing runAsUser config %q", defaultRunAsGroup)
+				return nil, fmt.Errorf("failed parsing runAsGroup config %q", defaultRunAsGroup)
 			}
 			tc.DefaultRunAsGroup = runAsGroup
+		} else {
+			// if runAsGroup is "" don't set runAsGroup in SCC
+			tc.IsDefaultRunAsGroupEmpty = true
 		}
 	}
 
+	if defaultRunAsNonRoot, ok := cfgMap[defaultRunAsNonRootKey]; ok {
+		if defaultRunAsNonRoot != "" {
+			runAsNonRoot, err := strconv.ParseBool(defaultRunAsNonRoot)
+			if err != nil {
+				return nil, fmt.Errorf("failed parsing runAsNonRoot config %q", defaultRunAsNonRoot)
+			}
+			tc.DefaultRunAsNonRoot = runAsNonRoot
+		} else {
+			// if "" value is provided via configmap set back to default value which is true
+			tc.DefaultRunAsNonRoot = defaultRunAsNonRootValue
+		}
+
+	}
+
 	return &tc, nil
 }
 
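Review bot: The new runAsNonRoot branch checks `err` from strconv.ParseBool but then drops it, so the returned error carries only the raw string and not the reason; `return nil, fmt.Errorf("failed parsing runAsNonRoot config %q: %w", defaultRunAsNonRoot, err)` keeps the cause for the operator reading the controller log. Note that strconv.ParseBool also accepts "1", "t", "T", "TRUE", "True" and their false counterparts, which is wider than the "allowed values are true and false" note added to config-defaults-triggers.yaml, so the comment and the parser should be made to agree one way or the other. The stray blank line before the block's closing brace can go. The pre-existing runAsUser and runAsGroup branches discard their ParseInt error the same way. NewDefaultsFromMap begins above the hunk.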
diff --git a/pkg/apis/config/default_test.go b/pkg/apis/config/default_test.go
index 8cd9e4c8d..ef23dd0d5 100644
--- a/pkg/apis/config/default_test.go
+++ b/pkg/apis/config/default_test.go
@@ -38,6 +38,7 @@ func TestNewDefaultsFromConfigMap(t *testing.T) {
 				DefaultServiceAccount: "default",
 				DefaultRunAsUser: 65532,
 				DefaultRunAsGroup: 65532,
+				DefaultRunAsNonRoot: true,
 			},
 			fileName: config.GetDefaultsConfigName(),
 		},
@@ -58,6 +59,7 @@ func TestNewDefaultsFromEmptyConfigMap(t *testing.T) {
 		DefaultServiceAccount: "default",
 		DefaultRunAsUser: 65532,
 		DefaultRunAsGroup: 65532,
+		DefaultRunAsNonRoot: true,
 	}
 	verifyConfigFileWithExpectedConfig(t, DefaultsConfigEmptyName, expectedConfig)
 }
@@ -65,9 +67,12 @@ func TestNewDefaultsFromEmptyConfigMap(t *testing.T) {
 func TestNewDefaultsFromConfigMapWithEmptyVal(t *testing.T) {
 	DefaultsConfigEmptyVal := "config-defaults-triggers-empty-val"
 	expectedConfig := &config.Defaults{
-		DefaultServiceAccount: "default",
-		DefaultRunAsUser: 0,
-		DefaultRunAsGroup: 0,
+		DefaultServiceAccount: "default",
+		DefaultRunAsUser: 65532,
+		DefaultRunAsGroup: 65532,
+		DefaultRunAsNonRoot: true, // when empty value set from configmap we set back to default value for runAsNonRoot
+		IsDefaultRunAsUserEmpty: true,
+		IsDefaultRunAsGroupEmpty: true,
 	}
 	verifyConfigFileWithExpectedConfig(t, DefaultsConfigEmptyVal, expectedConfig)
 }
diff --git a/pkg/apis/config/testdata/config-defaults-empty.yaml b/pkg/apis/config/testdata/config-defaults-empty.yaml
index bf7faf39f..ff877c388 100644
--- a/pkg/apis/config/testdata/config-defaults-empty.yaml
+++ b/pkg/apis/config/testdata/config-defaults-empty.yaml
@@ -39,3 +39,4 @@ data:
   default-service-accounts: "default"
   default-run-as-user: "65532"
   default-run-as-group: "65532"
+  default-run-as-non-root: "false"
diff --git a/pkg/apis/config/testdata/config-defaults-triggers-empty-val.yaml b/pkg/apis/config/testdata/config-defaults-triggers-empty-val.yaml
index 185e5e0c0..e5aa67a9f 100644
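Review bot: None of the updated tests exercises the new parsing paths that can fail or change the value: there is no case where an invalid default-run-as-non-root (for example "yes") yields an error, and no case where a live "false" makes DefaultRunAsNonRoot false. The testdata file config-defaults-empty.yaml gains `default-run-as-non-root: "false"` while TestNewDefaultsFromEmptyConfigMap still expects `DefaultRunAsNonRoot: true`; that is only consistent if those keys sit in a non-live stanza (such as an `_example` block), which cannot be seen from this diff, so worth confirming. A small case calling `config.NewDefaultsFromMap(map[string]string{"default-run-as-non-root": "yes"})` and asserting a non-nil error would pin the validation. Both test functions extend beyond their hunks.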
--- a/pkg/apis/config/testdata/config-defaults-triggers-empty-val.yaml
+++ b/pkg/apis/config/testdata/config-defaults-triggers-empty-val.yaml
@@ -21,3 +21,4 @@ data:
   default-service-account: "default"
   default-run-as-user: ""
   default-run-as-group: ""
+  default-run-as-non-root: ""
diff --git a/pkg/apis/config/testdata/config-defaults-triggers.yaml b/pkg/apis/config/testdata/config-defaults-triggers.yaml
index fbe85cd59..1c6334171 100644
--- a/pkg/apis/config/testdata/config-defaults-triggers.yaml
+++ b/pkg/apis/config/testdata/config-defaults-triggers.yaml
@@ -21,3 +21,4 @@ data:
   default-service-account: "default"
   default-run-as-user: "65532"
   default-run-as-group: "65532"
+  default-run-as-non-root: "true"
diff --git a/pkg/reconciler/eventlistener/resources/container.go b/pkg/reconciler/eventlistener/resources/container.go
index 72ce5bdef..bac047223 100644
--- a/pkg/reconciler/eventlistener/resources/container.go
+++ b/pkg/reconciler/eventlistener/resources/container.go
@@ -57,15 +57,19 @@ func MakeContainer(el *v1beta1.EventListener, configAcc reconcilersource.ConfigA
 			Capabilities: &corev1.Capabilities{
 				Drop: []corev1.Capability{"ALL"},
 			},
-			RunAsNonRoot: ptr.Bool(true),
+			RunAsNonRoot: ptr.Bool(cfg.Defaults.DefaultRunAsNonRoot),
 			SeccompProfile: &corev1.SeccompProfile{
 				Type: corev1.SeccompProfileTypeRuntimeDefault,
 			},
 		}
 	}
 
-	containerSecurityContext.RunAsUser = ptr.Int64(cfg.Defaults.DefaultRunAsUser)
-	containerSecurityContext.RunAsGroup = ptr.Int64(cfg.Defaults.DefaultRunAsGroup)
+	if !cfg.Defaults.IsDefaultRunAsUserEmpty {
+		containerSecurityContext.RunAsUser = ptr.Int64(cfg.Defaults.DefaultRunAsUser)
+	}
+	if !cfg.Defaults.IsDefaultRunAsGroupEmpty {
+		containerSecurityContext.RunAsGroup = ptr.Int64(cfg.Defaults.DefaultRunAsGroup)
+	}
 
 	container := corev1.Container{
 		Name: "event-listener",
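Review bot: DefaultRunAsNonRoot is applied only inside the literal that builds a fresh corev1.SecurityContext (the enclosing block starts above the hunk, presumably the nil check on containerSecurityContext), whereas the RunAsUser/RunAsGroup defaults below are applied to whatever security context is present. A caller-supplied security context therefore keeps its own RunAsNonRoot while still receiving the configured UID/GID; that may be intended, but a comment such as `// The configured non-root default only applies when no security context was supplied; the UID/GID defaults apply to any context.` would make the asymmetry explicit for the next reader. It is also worth a comment that when IsDefaultRunAsUserEmpty is set and DefaultRunAsNonRoot stays true, no UID is pinned and the non-root guarantee rests solely on the kubelet's runAsNonRoot check against the image's user. MakeContainer starts and ends outside the hunk.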