diff --git a/clusters/yc-infra-prod/infrastructure/patches/postgresql.yaml b/clusters/yc-infra-prod/infrastructure/patches/postgresql.yaml
index d1756ad..171b06c 100644
--- a/clusters/yc-infra-prod/infrastructure/patches/postgresql.yaml
+++ b/clusters/yc-infra-prod/infrastructure/patches/postgresql.yaml
@@ -21,6 +21,7 @@ spec:
       containerSecurityContext:
         readOnlyRootFilesystem: false
       extendedConfiguration: |-
+        listen_addresses = '*'
         fsync = off
         full_page_writes = off
         synchronous_commit = off
diff --git a/infrastructure/pg-sanitizer/base/kustomization.yaml b/infrastructure/pg-sanitizer/base/kustomization.yaml
index ff33a75..33d89c4 100644
--- a/infrastructure/pg-sanitizer/base/kustomization.yaml
+++ b/infrastructure/pg-sanitizer/base/kustomization.yaml
@@ -2,5 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - serviceaccount.yaml
+  - rbac.yaml
   - workflowtemplate.yaml
   - cronworkflow.yaml
diff --git a/infrastructure/pg-sanitizer/base/rbac.yaml b/infrastructure/pg-sanitizer/base/rbac.yaml
new file mode 100644
index 0000000..065f160
--- /dev/null
+++ b/infrastructure/pg-sanitizer/base/rbac.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pg-sanitizer-workflowtaskresults
+  namespace: argo
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflowtaskresults
+    verbs:
+      - create
+      - get
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: pg-sanitizer-workflowtaskresults
+  namespace: argo
+subjects:
+  - kind: ServiceAccount
+    name: pg-sanitizer
+    namespace: argo
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pg-sanitizer-workflowtaskresults