diff --git a/manifests/complete-postgres-manifest.yaml b/manifests/complete-postgres-manifest.yaml
index a38988e5c..98e993957 100644
--- a/manifests/complete-postgres-manifest.yaml
+++ b/manifests/complete-postgres-manifest.yaml
@@ -24,11 +24,12 @@ spec:
 databases:
 foo: zalando
 preparedDatabases:
- ab_db:
+ bar:
 schemas:
 data: {}
 history:
- defaultRoles: false
+ defaultRoles: true
+ defaultUsers: false
 # Expert section
diff --git a/pkg/apis/acid.zalan.do/v1/postgresql_type.go b/pkg/apis/acid.zalan.do/v1/postgresql_type.go
index ec2318d92..645a4cd4c 100644
--- a/pkg/apis/acid.zalan.do/v1/postgresql_type.go
+++ b/pkg/apis/acid.zalan.do/v1/postgresql_type.go
@@ -76,15 +76,15 @@ type PostgresqlList struct {
 Items []Postgresql `json:"items"`
 }
-// PreparedDatabase describes elements to be bootstrapped (schemas, prod-prefix)
+// PreparedDatabase describes elements to be bootstrapped
 type PreparedDatabase struct {
 PreparedSchemas map[string]PreparedSchema `json:"schemas,omitempty"`
- Prod bool `json:"prod,omitempty"`
 }
 // PreparedSchema describes elements to be bootstrapped in the schema
 type PreparedSchema struct {
 DefaultRoles *bool `json:"defaultRoles,omitempty" defaults:"true"`
+ DefaultUsers bool `json:"defaultUsers,omitempty" defaults:"false"`
 }
 // MaintenanceWindow describes the time window when the operator is allowed to do maintenance on a cluster.
diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index dd54f2dc3..f9b8f09f6 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
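Review bot: The new `DefaultUsers` field on `PreparedSchema` has no doc comment, and the trimmed comment on `PreparedDatabase` no longer says what is bootstrapped; the roles this flag enables in cluster.go (`_owner_user`, `_reader_user`, `_writer_user`) look like login users rather than group roles, which is a different trust decision from what `DefaultRoles` controls and deserves to be stated on the field. Suggested: `// DefaultUsers additionally creates <prefix>_owner_user/_reader_user/_writer_user roles for the schema; only takes effect when DefaultRoles is enabled. Defaults to false.` (whether these are login-capable should be confirmed against initDefaultRoles, which is not in this diff). Dropping `Prod` also removes a previously accepted manifest key; depending on how the CRD treats unknown fields, an existing `prod: true` will either be rejected or silently ignored, so the removal is worth a changelog or deprecation note rather than a silent delete.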
@@ -786,9 +786,15 @@ func (c *Cluster) initPreparedDatabaseRoles() error {
 c.Spec.PreparedDatabases = preparedDatabases
 }
+ defaultRoles := map[string]string{"_owner": "", "_reader": "", "_writer": "_reader"}
+ defaultUsers := map[string]string{"_owner_user": "_owner", "_reader_user": "_reader", "_writer_user": "_writer"}
+
 for preparedDbName, preparedDB := range preparedDatabases {
 // default roles per database
- if err := c.initDefaultRoles("admin", preparedDbName); err != nil {
+ if err := c.initDefaultRoles(defaultRoles, "admin", preparedDbName); err != nil {
+ return fmt.Errorf("could not initialize default roles for database %s: %v", preparedDbName, err)
+ }
+ if err := c.initDefaultRoles(defaultUsers, "admin", preparedDbName); err != nil {
 return fmt.Errorf("could not initialize default roles for database %s: %v", preparedDbName, err)
 }
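Review bot: The error returned after the second `initDefaultRoles(defaultUsers, ...)` call repeats the "default roles" message, so a failure creating the `_owner_user`/`_reader_user`/`_writer_user` roles is reported as a roles failure; `return fmt.Errorf("could not initialize default users for database %s: %v", preparedDbName, err)` keeps it consistent with the schema-level message in the next hunk. Note also that the database-level users are created unconditionally here while the schema-level ones are gated by `preparedSchema.DefaultUsers`; if these are login-capable roles, every prepared database gets three credentialed accounts with no way to opt out in the spec, which warrants either a database-level `defaultUsers` switch or a comment stating that this is intended. The `defaultUsers` entries inherit from `defaultRoles` entries, so if initDefaultRoles resolves the inherited role when called the two calls must stay in this order; a one-line comment such as `// users inherit from the roles above, so roles are created first` would protect that. initPreparedDatabaseRoles continues past the end of this hunk.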
@@ -799,19 +805,21 @@ func (c *Cluster) initPreparedDatabaseRoles() error {
 }
 for preparedSchemaName, preparedSchema := range preparedSchemas {
 if preparedSchema.DefaultRoles == nil || *preparedSchema.DefaultRoles {
- if err := c.initDefaultRoles(preparedDbName+"_owner", preparedDbName+"_"+preparedSchemaName); err != nil {
+ if err := c.initDefaultRoles(defaultRoles, preparedDbName+"_owner", preparedDbName+"_"+preparedSchemaName); err != nil {
 return fmt.Errorf("could not initialize default roles for database schema %s: %v", preparedSchemaName, err)
 }
+ if preparedSchema.DefaultUsers {
+ if err := c.initDefaultRoles(defaultUsers, preparedDbName+"_owner", preparedDbName+"_"+preparedSchemaName); err != nil {
+ return fmt.Errorf("could not initialize default users for database schema %s: %v", preparedSchemaName, err)
+ }
+ }
 }
 }
 }
 return nil
 }
-func (c *Cluster) initDefaultRoles(admin, prefix string) error {
- defaultRoles := map[string]string{
- "_owner": "", "_reader": "", "_writer": "_reader",
- "_owner_user": "_owner", "_reader_user": "_reader", "_writer_user": "_writer"}
+func (c *Cluster) initDefaultRoles(defaultRoles map[string]string, admin, prefix string) error {
 for defaultRole, inherits := range defaultRoles {
diff --git a/pkg/cluster/database.go b/pkg/cluster/database.go
index 907140284..e8b053f3d 100644
--- a/pkg/cluster/database.go
+++ b/pkg/cluster/database.go
@@ -297,9 +297,11 @@ func (c *Cluster) execCreateDatabaseSchema(datname, schemaName, dbOwner, schemaO
 }
 // set default privileges for schema
- c.execAlterSchemaDefaultPrivileges(schemaName, dbOwner, datname+"_"+schemaName)
 c.execAlterSchemaDefaultPrivileges(schemaName, schemaOwner, datname)
- c.execAlterSchemaDefaultPrivileges(schemaName, schemaOwner, datname+"_"+schemaName)
+ if schemaOwner != dbOwner {
+ c.execAlterSchemaDefaultPrivileges(schemaName, dbOwner, datname+"_"+schemaName)
+ c.execAlterSchemaDefaultPrivileges(schemaName, schemaOwner, datname+"_"+schemaName)
+ }
 return nil
 }
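Review bot: A schema with `defaultRoles: false` and `defaultUsers: true` silently gets neither, because the new `if preparedSchema.DefaultUsers` block sits inside the `DefaultRoles` check; the nesting itself is right, since the `_user` entries inherit from the `_owner`/`_reader`/`_writer` entries, but the combination should either be rejected at validation time or be stated where it is decided, e.g. `// defaultUsers only takes effect when defaultRoles is enabled, because the user roles inherit from them`. The new `initDefaultRoles` signature takes a caller-built map with no doc comment on what the pairs mean (role suffix → suffix of the role it inherits from, judging by the literals in the previous hunk); now that both maps are built far from where they are consumed, a comment on the function stating that contract would help. The body of `initDefaultRoles` continues past the end of this hunk.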
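Review bot: The three `execAlterSchemaDefaultPrivileges` calls, including the two moved under the new guard, still discard whatever that method returns; if it reports errors, a failed ALTER DEFAULT PRIVILEGES leaves the reader/writer roles without the grants the spec promises while `execCreateDatabaseSchema` still returns nil, so each call should be checked and the error wrapped with `schemaName` before returning. The `schemaOwner != dbOwner` guard relies on the caller passing identical owner names when the schema has no roles of its own, which is not visible from here; a comment such as `// presumably the schema-specific roles only exist when the schema has its own owner` would make that assumption explicit for the next reader. execCreateDatabaseSchema starts before this hunk.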