diff --git a/website/content/docs/installing/postgres.mdx b/website/content/docs/installing/postgres.mdx index b9d81a801c..612f334b0e 100644 --- a/website/content/docs/installing/postgres.mdx +++ b/website/content/docs/installing/postgres.mdx @@ -16,4 +16,20 @@ Boundary has only been tested on Postgres 11 or greater. ## Network -Boundary controllers must be able to reach Postgres. In non-HA configurations, this means Boundary servers; if you're running in [high availability](/docs/installing/high-availability), then the controllers need access to the Postgres server infrastructure. Worker nodes never need access to the database. \ No newline at end of file +Boundary controllers must be able to reach Postgres. +In non-HA configurations, this means Boundary servers; +if you're running in [high availability](/docs/installing/high-availability), +then the controllers need access to the Postgres server infrastructure. +Worker nodes never need access to the database. + +## Users/Roles + +After the database has been initialized, +the database user for a Boundary Controller +only requires permissions for [Data Manipulation](https://www.postgresql.org/docs/current/dml.html) +(select, insert, update, and delete) operations. + +Database initialization requires elevated privileges. +When initializing the database with the `boundary database init` command, +the boundary database user +requires the `superuser` role plus `all privileges` on the boundary database.
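Review bot: In the new Users/Roles section, the two paragraphs describe two very different privilege levels (DML-only for the running controller, `superuser` plus `all privileges` for `boundary database init`) but do not say how an operator gets from one to the other. Suggest stating explicitly whether a separate elevated role should run `boundary database init` and a DML-only role should then be used by the controller, or whether superuser is meant to be revoked from the same user once initialization completes. Without that, the easiest reading is to leave the controller connected as a superuser. It would also help to name the objects the select, insert, update, and delete grants apply to, since "permissions for Data Manipulation operations" does not say. Finally, a PostgreSQL superuser bypasses permission checks, so "plus `all privileges` on the boundary database" reads as redundant and should be either dropped or explained.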