diff --git a/site-modules/profile/manifests/postgresql/server.pp b/site-modules/profile/manifests/postgresql/server.pp
--- a/site-modules/profile/manifests/postgresql/server.pp
+++ b/site-modules/profile/manifests/postgresql/server.pp
@@ -4,6 +4,7 @@
   $swh_base_directory = lookup('swh::base_directory')
 
   $postgres_pass = lookup('swh::deploy::db::postgres::password')
+  $swh_admin_pass = lookup('swh::deploy::db::swh_admin::password')
   $listen_addresses = lookup('swh::postgresql::listen_addresses').join(',')
 
   # allow access through credentials
@@ -32,12 +33,21 @@
     require                 => Class['profile::postgresql::apt_config']
   }
 
+  # read-only user
   $guest = 'guest'
   postgresql::server::role { $guest:
     password_hash => postgresql_password($guest, 'guest'),
     require       => Class['postgresql::server']
   }
 
+  # admin user to initialize db
+  $swh_admin = "swh-admin"
+  postgresql::server::role { $swh_admin:
+    password_hash => postgresql_password($swh_admin, $swh_admin_pass),
+    superuser     => true,
+    require       => Class['postgresql::server']
+  }
+
   $dbs = lookup('swh::dbs')
   each($dbs) | $db_type, $db_config | {
     # db_type in {storage, indexer, scheduler, etc...}