diff --git a/argocd/broken-apps/broken-rbac.yaml b/argocd/broken-apps/broken-rbac.yaml
new file mode 100644
index 0000000..947462f
--- /dev/null
+++ b/argocd/broken-apps/broken-rbac.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: broken-rbac
+ # You'll usually want to add your resources to the argocd namespace.
+ namespace: argocd
+ # Add this finalizer ONLY if you want these to cascade delete.
+ finalizers:
+ # The default behaviour is foreground cascading deletion
+ - resources-finalizer.argocd.argoproj.io
+ # Alternatively, you can use background cascading deletion
+ # - resources-finalizer.argocd.argoproj.io/background
+ # Add labels to your application object.
+ labels:
+ name: broken-rbac
+spec:
+ project: terraform-argocd-project
+ source:
+ targetRevision: argocd-apps
+ repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+ path: resources/broken-rbac
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: diego
+ syncPolicy:
+ automated: {}
+ revisionHistoryLimit: 10
diff --git a/resources/broken-rbac/namespace.yaml b/resources/broken-rbac/namespace.yaml
new file mode 100644
index 0000000..733e059
--- /dev/null
+++ b/resources/broken-rbac/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: not-allowed
+ labels:
+ name: not-allowed
diff --git a/resources/broken-rbac/service-account.yaml b/resources/broken-rbac/service-account.yaml
new file mode 100644
index 0000000..9ec71c4
--- /dev/null
+++ b/resources/broken-rbac/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: service-account-pod-read
+ namespace: default
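Review bot: `targetRevision: argocd-apps` looks like a branch name rather than a tag or commit, and combined with `syncPolicy.automated: {}` it means whatever lands on that ref is applied to the cluster with no manual sync step. For a showcase that may be intended, but it makes write access to the branch equivalent to deploy access within whatever `terraform-argocd-project` permits. Consider pinning with `targetRevision: <tag-or-commit-sha>`, or record the decision in a comment such as `# tracks a mutable branch on purpose; branch protection is the control`.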
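Review bot: Nothing in `resources/broken-rbac/namespace.yaml` or `resources/broken-rbac/service-account.yaml` states that these manifests are meant to be rejected; that is only implied by the `broken-apps` and `broken-rbac` path names. The Namespace is cluster-scoped and the ServiceAccount pins `namespace: default` instead of the Application's `diego`, so whether Argo CD refuses them depends entirely on the `terraform-argocd-project` AppProject (its cluster-resource whitelist and `destinations`), which is not part of this diff. If that project is permissive, the automated sync will create both objects. I would add a header comment to each file, for example `# Expected to be denied by the AppProject: cluster-scoped Namespace is not whitelisted` and `# Expected to be denied by the AppProject: namespace "default" is not an allowed destination`.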