diff --git a/charts/sharedidp/templates/job-seeding.yaml b/charts/sharedidp/templates/job-seeding.yaml
index 3a91875..ab917bc 100644
--- a/charts/sharedidp/templates/job-seeding.yaml
+++ b/charts/sharedidp/templates/job-seeding.yaml
@@ -59,30 +59,23 @@ spec:
             value: "master"
           - name: "KEYCLOAK__SHARED__USEAUTHTRAIL"
             value: "true"
+
+          #############################
+          ## CX-OPERATOR
+          #############################
+
           - name: "KEYCLOAKSEEDING__REALMS__0__DATAPATHS__0"
             value: "realms/CX-Operator-realm.json"
-          - name: "KEYCLOAKSEEDING__REALMS__1__DATAPATHS__0"
-            value: "realms/master-realm.json"
           - name: "KEYCLOAKSEEDING__REALMS__0__CREATE"
             value: "true"
           - name: "KEYCLOAKSEEDING__REALMS__0__UPDATE"
             value: "true"
           - name: "KEYCLOAKSEEDING__REALMS__0__DELETE"
             value: "true"
-          - name: "KEYCLOAKSEEDING__REALMS__1__CREATE"
-            value: "true"
-          - name: "KEYCLOAKSEEDING__REALMS__1__UPDATE"
-            value: "true"
-          - name: "KEYCLOAKSEEDING__REALMS__1__DELETE"
-            value: "true"
           - name: "KEYCLOAKSEEDING__REALMS__0__INSTANCENAME"
             value: "shared"
-          - name: "KEYCLOAKSEEDING__REALMS__1__INSTANCENAME"
-            value: "shared"
           - name: "KEYCLOAKSEEDING__REALMS__0__REALM"
             value: "CX-Operator"
-          - name: "KEYCLOAKSEEDING__REALMS__1__REALM"
-            value: "master"
           - name: "KEYCLOAKSEEDING__REALMS__0__SSLREQUIRED"
             value: "{{ .Values.realmSeeding.realms.cxOperator.sslRequired }}"
 
@@ -176,10 +169,75 @@ spec:
                 name: "{{ template "sharedidp.secret.realmSeeding.cxOperator" . }}"
                 key: "mailing-password"
 
+          #############################
+          ## MASTER
+          #############################
+
+          - name: "KEYCLOAKSEEDING__REALMS__1__DATAPATHS__0"
+            value: "realms/master-realm.json"
+          - name: "KEYCLOAKSEEDING__REALMS__1__INSTANCENAME"
+            value: "shared"
+          - name: "KEYCLOAKSEEDING__REALMS__1__REALM"
+            value: "master"
+          - name: "KEYCLOAKSEEDING__REALMS__1__CREATE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__UPDATE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__DELETE"
+            value: "false"
+
           #############################
           ## MASTER SERVICE ACCOUNTS
           #############################
 
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__Key"
+            value: "Clients"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__CREATE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__UPDATE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__DELETE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__0__Key"
+            value: "sa-cl1-reg-1"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__0__CREATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__0__UPDATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__0__DELETE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__1__Key"
+            value: "saCX-Operator"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__1__CREATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__1__UPDATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__0__SEEDERCONFIGURATIONS__1__DELETE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__1__Key"
+            value: "Users"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__1__CREATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__1__UPDATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__1__DELETE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__Key"
+            value: "Roles"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__CREATE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__UPDATE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__DELETE"
+            value: "false"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__SEEDERCONFIGURATIONS__0__Key"
+            value: "cx-admin"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__SEEDERCONFIGURATIONS__0__CREATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__SEEDERCONFIGURATIONS__0__UPDATE"
+            value: "true"
+          - name: "KEYCLOAKSEEDING__REALMS__1__SEEDERCONFIGURATION__2__SEEDERCONFIGURATIONS__0__DELETE"
+            value: "true"
           - name: "KEYCLOAKSEEDING__REALMS__1__CLIENTS__0__CLIENTID"
             value: "sa-cl1-reg-1"
           - name: "KEYCLOAKSEEDING__REALMS__1__CLIENTS__0__SECRET"