diff --git a/charts/kyverno/templates/configmap.yaml b/charts/kyverno/templates/configmap.yaml
index 542de43ead..cf264ed4c3 100644
--- a/charts/kyverno/templates/configmap.yaml
+++ b/charts/kyverno/templates/configmap.yaml
@@ -7,5 +7,13 @@ metadata:
   namespace: {{ .Release.Namespace }}
 data:
   # resource types to be skipped by kyverno policy engine
+  {{- if .Values.config.resourceFilters }}
   resourceFilters: {{ join "" .Values.config.resourceFilters | quote }}
+  {{- end -}}
+  {{- if .Values.config.excludeGroupRole }}
+  excludeGroupRole: {{ join "" .Values.config.excludeGroupRole | quote }}
+  {{- end -}}
+  {{- if .Values.config.excludeUsername }}
+  excludeUsername: {{ join "" .Values.config.excludeUsername | quote }}
+  {{- end -}}
 {{- end -}}
\ No newline at end of file
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index d92a76e99f..a036540a46 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -99,7 +99,10 @@ config:
   - "[*,kyverno,*]"
   # Or give the name of an existing config map (ignores default/provided resourceFilters)
   existingConfig: ''
-  excludeGroupRole: ''
+  excludeGroupRole:
+#  - ""
+  excludeUsername:
+#  - ""
   # existingConfig: init-config
 
 service:
diff --git a/pkg/config/dynamicconfig.go b/pkg/config/dynamicconfig.go
index a9ca525915..6014035a72 100644
--- a/pkg/config/dynamicconfig.go
+++ b/pkg/config/dynamicconfig.go
@@ -109,6 +109,8 @@ func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapI
 	if excludeGroupRole != "" {
 		cd.log.Info("init configuration from commandline arguments for excludeGroupRole")
 		cd.initRbac("excludeRoles", excludeGroupRole)
+	}else{
+		cd.initRbac("excludeRoles", "")
 	}
 
 	if excludeUsername != "" {
@@ -180,50 +182,28 @@ func (cd *ConfigData) load(cm v1.ConfigMap) {
 		logger.V(4).Info("configuration: No data defined in ConfigMap")
 		return
 	}
+	// parse and load the configuration
+	cd.mux.Lock()
+	defer cd.mux.Unlock()
 	// get resource filters
 	filters, ok := cm.Data["resourceFilters"]
-	if !ok {
+	if !ok  {
 		logger.V(4).Info("configuration: No resourceFilters defined in ConfigMap")
-		return
+	}else{
+		newFilters := parseKinds(filters)
+		if reflect.DeepEqual(newFilters, cd.filters) {
+			logger.V(4).Info("resourceFilters did not change")
+		} else {
+			logger.V(2).Info("Updated resource filters", "oldFilters", cd.filters, "newFilters", newFilters)
+			// update filters
+			cd.filters = newFilters
+		}
 	}
 
 	// get resource filters
 	excludeGroupRole, ok := cm.Data["excludeGroupRole"]
-	if !ok {
+	if !ok  {
 		logger.V(4).Info("configuration: No excludeGroupRole defined in ConfigMap")
-		return
-	}
-	// get resource filters
-	excludeUsername, ok := cm.Data["excludeUsername"]
-	if !ok {
-		logger.V(4).Info("configuration: No excludeUsername defined in ConfigMap")
-		return
-	}
-	// filters is a string
-	if filters == "" {
-		logger.V(4).Info("configuration: resourceFilters is empty in ConfigMap")
-		return
-	}
-	if excludeGroupRole == "" {
-		logger.V(4).Info("configuration: excludeGroupRole is empty in ConfigMap")
-		return
-	}
-
-	if excludeUsername == "" {
-		logger.V(4).Info("configuration: excludeUsername is empty in ConfigMap")
-		return
-	}
-	// parse and load the configuration
-	cd.mux.Lock()
-	defer cd.mux.Unlock()
-
-	newFilters := parseKinds(filters)
-	if reflect.DeepEqual(newFilters, cd.filters) {
-		logger.V(4).Info("resourceFilters did not change")
-	} else {
-		logger.V(2).Info("Updated resource filters", "oldFilters", cd.filters, "newFilters", newFilters)
-		// update filters
-		cd.filters = newFilters
 	}
 	newExcludeGroupRoles := parseRbac(excludeGroupRole)
 	newExcludeGroupRoles = append(newExcludeGroupRoles, defaultExcludeGroupRole...)
@@ -235,13 +215,19 @@ func (cd *ConfigData) load(cm v1.ConfigMap) {
 		cd.excludeGroupRole = newExcludeGroupRoles
 	}
 
-	excludeUsernames := parseRbac(excludeUsername)
-	if reflect.DeepEqual(excludeUsernames, cd.excludeUsername) {
-		logger.V(4).Info("excludeGroupRole did not change")
-	} else {
-		logger.V(2).Info("Updated resource excludeUsernames", "oldExcludeUsername", cd.excludeUsername, "newExcludeUsername", excludeUsernames)
-		// update filters
-		cd.excludeUsername = excludeUsernames
+	// get resource filters
+	excludeUsername, ok := cm.Data["excludeUsername"]
+	if !ok  {
+		logger.V(4).Info("configuration: No excludeUsername defined in ConfigMap")
+	}else{
+		excludeUsernames := parseRbac(excludeUsername)
+		if reflect.DeepEqual(excludeUsernames, cd.excludeUsername) {
+			logger.V(4).Info("excludeGroupRole did not change")
+		} else {
+			logger.V(2).Info("Updated resource excludeUsernames", "oldExcludeUsername", cd.excludeUsername, "newExcludeUsername", excludeUsernames)
+			// update filters
+			cd.excludeUsername = excludeUsernames
+		}
 	}
 
 }