diff --git a/rancher2/resource_rancher2_role_template.go b/rancher2/resource_rancher2_role_template.go
index 68318ac5..9b1a73a4 100644
--- a/rancher2/resource_rancher2_role_template.go
+++ b/rancher2/resource_rancher2_role_template.go
@@ -2,10 +2,11 @@ package rancher2
 
 import (
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"log"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
 
@@ -110,7 +111,14 @@ func resourceRancher2RoleTemplateUpdate(d *schema.ResourceData, meta interface{}
 			"rules":           expandPolicyRules(d.Get("rules").([]interface{})),
 			"annotations":     toMapString(d.Get("annotations").(map[string]interface{})),
 			"labels":          toMapString(d.Get("labels").(map[string]interface{})),
-			"externalRules":   expandPolicyRules(d.Get("external_rules").([]interface{})),
+		}
+
+		if update["external"].(bool) {
+			if v, ok := d.Get("external_rules").([]interface{}); ok && len(v) > 0 {
+				update["externalRules"] = expandPolicyRules(v)
+			}
+		} else {
+			update["externalRules"] = nil
 		}
 
 		switch update["context"] {