Installation on a specific namespace without cluster wide permission

We use Rancher and I have a user with only access to specific project. I can create namespace and I'm the owner of the project. Thx in advance!!

Our values.yml

imagePullPolicy: IfNotPresent
gitlabUrl: https://URLOFOURGITLAB/
runnerRegistrationToken: "OURTOKEN"
unregisterRunners: true
certsSecretName: 'gitlab-certificate'
concurrent: 10
checkInterval: 10
rbac:
  create: true
  clusterWideAccess: false
metrics:
  enabled: true
runners:
  image: ubuntu:16.04
  privileged: true
  cache:
    cacheType: s3
    cacheShared: true
    s3ServerAddress: s3-minio:9000
    s3BucketName: cache
    s3CacheInsecure: true
    secretName: s3-minio
  builds: {}
  services: {}
  helpers: {}
  env:
    DOCKER_HOST: tcp://docker-dind:2375
    DOCKER_DRIVER: overlay2
    HTTP_PROXY: http://ourproxy:80
    HTTPS_PROXY: http://ourproxy:80
    NO_PROXY: "docker-dind,s3-minio,localhost,127.0.0.0/8"
resources: {}
affinity: {}
nodeSelector: {}
tolerations: []
hostAliases: []
podAnnotations: {}

The error message

helm template . --values values.yaml  --namespace gitlab-ci | kubectl --namespace gitlab-ci apply -f -
secret/release-name-gitlab-runner created
configmap/release-name-gitlab-runner created
serviceaccount/release-name-gitlab-runner created
deployment.extensions/release-name-gitlab-runner created
Error from server (Forbidden): error when creating "STDIN": roles.rbac.authorization.k8s.io "release-name-gitlab-runner" is forbidden: user "u-px2eduvvj2" (groups=["activedirectory_group://CN=********************EmpM,OU=********** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=*****,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********-GPM,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=********** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********_DYN,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=************************,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "system:**********"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:[""], Resources:["*"], Verbs:["*"]}