diff --git a/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl b/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl
index ed0c42318..8525d9baa 100644
--- a/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl
+++ b/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl
@@ -8,6 +8,7 @@ dex:
 
 configs:
   cm:
+    users.anonymous.enabled: true
     admin.enabled: false
 
     ui.bannerpermanent: true
@@ -23,6 +24,20 @@ configs:
         }
     }
 
+  rbac:
+    "policy.default": "role:unauthenticated"
+    "policy.csv": |
+        g, anonymous, role:unauthenticated
+        p, role:unauthenticated, applications, get, */*, allow
+        p, role:unauthenticated, clusters, get, */*, allow
+        p, role:unauthenticated, projects, get, *, allow
+        p, role:unauthenticated, repositories, get, *, allow
+        p, role:unauthenticated, repositories, list, *, allow
+        p, role:unauthenticated, repositories, validate, *, allow
+        p, role:unauthenticated, accounts, get, *, allow
+        p, role:unauthenticated, certificates, get, *, allow
+        p, role:unauthenticated, gpgkeys, get, *, allow
+
 controller:
   resources:
    limits: