diff --git a/pkg/cluster/database.go b/pkg/cluster/database.go
index e7f201d0c..2ce0636b5 100644
--- a/pkg/cluster/database.go
+++ b/pkg/cluster/database.go
@@ -36,8 +36,8 @@ const (
 	createDatabaseSQL       = `CREATE DATABASE "%s" OWNER "%s";`
 	createDatabaseSchemaSQL = `SET ROLE TO "%s"; CREATE SCHEMA IF NOT EXISTS "%s" AUTHORIZATION "%s"`
 	alterDatabaseOwnerSQL   = `ALTER DATABASE "%s" OWNER TO "%s";`
-	createExtensionSQL      = `CREATE EXTENSION IF NOT EXISTS "%s" SCHEMA "%s"`
-	alterExtensionSQL       = `ALTER EXTENSION "%s" SET SCHEMA "%s"`
+	createExtensionSQL      = `SET ROLE TO "%s"; CREATE EXTENSION IF NOT EXISTS "%s" SCHEMA "%s"`
+	alterExtensionSQL       = `SET ROLE TO "%s"; ALTER EXTENSION "%s" SET SCHEMA "%s"`
 
 	globalDefaultPrivilegesSQL = `SET ROLE TO "%s";
 			ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO "%s","%s";
@@ -504,22 +504,22 @@ func (c *Cluster) getExtensions() (dbExtensions map[string]string, err error) {
 
 // executeCreateExtension creates new extension in the given schema.
 // The caller is responsible for opening and closing the database connection.
-func (c *Cluster) executeCreateExtension(extName, schemaName string) error {
-	return c.execCreateOrAlterExtension(extName, schemaName, createExtensionSQL,
+func (c *Cluster) executeCreateExtension(extName, schemaName, schemaOwner string) error {
+	return c.execCreateOrAlterExtension(extName, schemaName, schemaOwner, createExtensionSQL,
 		"creating extension", "create extension")
 }
 
 // executeAlterExtension changes the schema of the given extension.
 // The caller is responsible for opening and closing the database connection.
-func (c *Cluster) executeAlterExtension(extName, schemaName string) error {
-	return c.execCreateOrAlterExtension(extName, schemaName, alterExtensionSQL,
+func (c *Cluster) executeAlterExtension(extName, schemaName, schemaOwner string) error {
+	return c.execCreateOrAlterExtension(extName, schemaName, schemaOwner, alterExtensionSQL,
 		"changing schema for extension", "alter extension schema")
 }
 
-func (c *Cluster) execCreateOrAlterExtension(extName, schemaName, statement, doing, operation string) error {
+func (c *Cluster) execCreateOrAlterExtension(extName, schemaName, schemaOwner, statement, doing, operation string) error {
 
 	c.logger.Infof("%s %q schema %q", doing, extName, schemaName)
-	if _, err := c.pgDb.Exec(fmt.Sprintf(statement, extName, schemaName)); err != nil {
+	if _, err := c.pgDb.Exec(fmt.Sprintf(statement, schemaOwner, extName, schemaName)); err != nil {
 		return fmt.Errorf("could not execute %s: %v", operation, err)
 	}
 
diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go
index 2823870e3..b017e7d26 100644
--- a/pkg/cluster/sync.go
+++ b/pkg/cluster/sync.go
@@ -833,7 +833,7 @@ func (c *Cluster) syncExtensions(databaseName string, extensions map[string]stri
 	}
 
 	for extName, schema := range createExtensions {
-		if err = c.executeCreateExtension(extName, schema); err != nil {
+		if err = c.executeCreateExtension(extName, schema, databaseName+constants.OwnerRoleNameSuffix); err != nil {
 			return err
 		}
 		// grant privileges on objects created by the extension to default database roles
@@ -846,7 +846,7 @@ func (c *Cluster) syncExtensions(databaseName string, extensions map[string]stri
 		}
 	}
 	for extName, schema := range alterExtensions {
-		if err = c.executeAlterExtension(extName, schema); err != nil {
+		if err = c.executeAlterExtension(extName, schema, databaseName+constants.OwnerRoleNameSuffix); err != nil {
 			return err
 		}
 	}