diff --git a/Chart.yaml b/Chart.yaml
index 0b0c27ec4c0adbe4b1de858901527142a7270f52..35981621b9ace531772aaf44752de25bbef6325b 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v2
 name: constraint-templates
-version: 1.6.1
+version: 1.6.2
 appVersion: 1.0.0
diff --git a/rego/allow_rollout_restart_deployment/policy.rego b/rego/allow_rollout_restart_deployment/policy.rego
index 6acd89dd7ed16660f3ee4771c79847f6ed80b8db..8c52729d829dc48d60917a7a41b1eb3d6a3dcf7f 100644
--- a/rego/allow_rollout_restart_deployment/policy.rego
+++ b/rego/allow_rollout_restart_deployment/policy.rego
@@ -3,6 +3,7 @@ package allow_rollout_restart_deployment
 # Violation caused when user is not the local flux, nor stakater-reloader, and not in the admin group, trying to use UPDATE to change a DEPLOYMENT. The old annotations get patched with a value to build the datastructure, but it gets removed in the next step, so the value is innocuous.
 violation[{"msg": msg}] {
 	not input.review.userInfo.username == "system:serviceaccount:platform-stakater-reloader:stakater-reloader"
+	not input.review.userInfo.username == "system:serviceaccount:platform-prometheus-stack:prometheus-kube-prometheus-operator"
 	flux_username := concat("",["system:serviceaccount:",input.review.namespace,":flux"])
 	not input.review.userInfo.username == flux_username
 	not contains(input.review.userInfo.groups, "oidc:it.platform.roles.admin")
diff --git a/rego/allow_rollout_restart_statefulset/policy.rego b/rego/allow_rollout_restart_statefulset/policy.rego
index 122f143d21b0425835f6f4958798164267d6515b..411482ae8b28519149a57d3061b38ce70943e17d 100644
--- a/rego/allow_rollout_restart_statefulset/policy.rego
+++ b/rego/allow_rollout_restart_statefulset/policy.rego
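Review bot: The rule's header comment on the context line just above the added exemption still lists only "the local flux, nor stakater-reloader, and not in the admin group", so the new prometheus-kube-prometheus-operator bypass is undocumented; change that fragment to `nor stakater-reloader, nor the prometheus-kube-prometheus-operator, and not in the admin group`. The same stale comment sits in the allow_rollout_restart_statefulset hunk, which adds the identical line. Unlike the flux exemption, which is built from `input.review.namespace`, the new username match is not scoped to a namespace, so a one-line comment on the added line stating why the operator needs to UPDATE Deployments cluster-wide would keep the allow-list auditable. As the list of exempt identities grows, a set such as `exempt_users := {"system:serviceaccount:platform-stakater-reloader:stakater-reloader", "system:serviceaccount:platform-prometheus-stack:prometheus-kube-prometheus-operator"}` checked with `not exempt_users[input.review.userInfo.username]` would replace the chain of negated equalities and give reviewers a single place to look. The violation rule body continues past the end of the hunk.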
@@ -3,6 +3,7 @@ package allow_rollout_restart_statefulset
 # Violation caused when user is not local flux, not the stakater-reloader, and not in the admin group, trying to use UPDATE to change a StatefulSet. The old annotations get patched with a value to build the datastructure, but it gets removed in the next step, so the value is innocuous.
 violation[{"msg": msg}] {
 	not input.review.userInfo.username == "system:serviceaccount:platform-stakater-reloader:stakater-reloader"
+	not input.review.userInfo.username == "system:serviceaccount:platform-prometheus-stack:prometheus-kube-prometheus-operator"
 	flux_username := concat("",["system:serviceaccount:",input.review.namespace,":flux"])
 	not input.review.userInfo.username == flux_username
 	not contains(input.review.userInfo.groups, "oidc:it.platform.roles.admin")