diff --git a/api/v1/policy_types.go b/api/v1/policy_types.go
index 07cb1572..9c896344 100644
--- a/api/v1/policy_types.go
+++ b/api/v1/policy_types.go
@@ -67,6 +67,10 @@ type PolicyDependency struct {
 }
 type HubTemplateOptions struct {
+	// ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub
+	// template lookups. The service account must have list and watch permissions on any object the hub templates
+	// look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and
+	// to the `ManagedCluster` object associated with the propagated policy.
 	ServiceAccountName string `json:"serviceAccountName,omitempty"`
 }
diff --git a/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml b/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml
index 3cb4594b..1e124fed 100644
--- a/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml
+++ b/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml
@@ -122,6 +122,11 @@ spec:
                   templates.
                 properties:
                   serviceAccountName:
+                    description: |-
+                      ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub
+                      template lookups. The service account must have list and watch permissions on any object the hub templates
+                      look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and
+                      to the `ManagedCluster` object associated with the propagated policy.
                     type: string
                 type: object
               policy-templates:
diff --git a/deploy/crds/policy.open-cluster-management.io_policies.yaml b/deploy/crds/policy.open-cluster-management.io_policies.yaml
index 4a611d94..896bff47 100644
--- a/deploy/crds/policy.open-cluster-management.io_policies.yaml
+++ b/deploy/crds/policy.open-cluster-management.io_policies.yaml
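Review bot: The new doc comment on ServiceAccountName states the RBAC the account needs but not the consequence for whoever may set the field: since the lookups run as that account and hub templates presumably render the looked-up values into the propagated policy, anyone permitted to create or edit a Policy in the namespace can read whatever the account can list and watch. A sentence making that explicit would help administrators scope the role bound to the account, for example after the `look up.` sentence: `// The lookups run with this account's permissions, so grant it only the read access the templates need.` The descriptions in the two CRD hunks are generated from this comment and would need regenerating after the change. The `|-` versus `>-` block-scalar difference between the two CRD files looks like a generator artifact rather than something to fix here.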
@@ -134,6 +134,11 @@ spec:
                   templates.
                 properties:
                   serviceAccountName:
+                    description: >-
+                      ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub
+                      template lookups. The service account must have list and watch permissions on any object the hub templates
+                      look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and
+                      to the `ManagedCluster` object associated with the propagated policy.
                     type: string
                 type: object
               policy-templates: