diff --git a/.gitignore b/.gitignore
index 8ed98b028..19fdc3bb1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,5 +26,6 @@ _testmain.go
 /.glide/
 /build/
 /docker/build/
+.idea
 scm-source.json
diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml
index c9bff1cca..a9a2a16d3 100644
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@@ -27,6 +27,9 @@ data:
 resource_check_timeout: 10m
 resync_period: 5m
 super_username: postgres
+ enable_teams_api: "false"
+ enable_team_superuser: "false"
+ team_admin_role: "admin"
 teams_api_url: http://fake-teams-api.default.svc.cluster.local
 workers: "4"
 enable_load_balancer: "true"
diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index b826106f9..3edb3a56b 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -644,8 +644,17 @@ func (c *Cluster) initHumanUsers() error {
 return fmt.Errorf("could not get list of team members: %v", err)
 }
 for _, username := range teamMembers {
- flags := []string{constants.RoleFlagLogin, constants.RoleFlagSuperuser}
+ flags := []string{constants.RoleFlagLogin}
 memberOf := []string{c.OpConfig.PamRoleName}
+
+ if c.OpConfig.EnableTeamSuperuser {
+ flags = append(flags, constants.RoleFlagSuperuser)
+ } else {
+ if c.OpConfig.TeamAdminRole != "" {
+ memberOf = append(memberOf, c.OpConfig.TeamAdminRole)
+ }
+ }
+
 c.pgUsers[username] = spec.PgUser{Name: username, Flags: flags, MemberOf: memberOf}
 }
diff --git a/pkg/util/config/config.go b/pkg/util/config/config.go
index b9efd7725..fccd27c4c 100644
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
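Review bot: In `initHumanUsers` (pkg/cluster/cluster.go), the new `else` branch appends `c.OpConfig.TeamAdminRole` to `memberOf` without checking what that role is. PostgreSQL role membership lets a member `SET ROLE` to the granted role, so if `team_admin_role` is ever set to the `super_username` role or another role holding SUPERUSER, every team member regains superuser access even though `enable_team_superuser` is false. I would reject or skip that value here, flatten the nesting to `} else if c.OpConfig.TeamAdminRole != "" {`, and add a comment such as `// non-superuser path: members get rights only through the admin role, which must not be a superuser role`. The function body starts and ends outside the hunk, so whether an existing role loses SUPERUSER on the next sync cannot be told from these lines.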
@@ -58,6 +58,8 @@ type Config struct {
 DebugLogging bool `name:"debug_logging" default:"true"`
 EnableDBAccess bool `name:"enable_database_access" default:"true"`
 EnableTeamsAPI bool `name:"enable_teams_api" default:"true"`
+ EnableTeamSuperuser bool `name:"enable_team_superuser" default:"false"`
+ TeamAdminRole string `name:"team_admin_role" default:"admin"`
 EnableLoadBalancer bool `name:"enable_load_balancer" default:"true"`
 MasterDNSNameFormat stringTemplate `name:"master_dns_name_format" default:"{cluster}.{team}.{hostedzone}"`
 ReplicaDNSNameFormat stringTemplate `name:"replica_dns_name_format" default:"{cluster}-repl.{team}.{hostedzone}"`
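Review bot: The two new fields in `Config` carry security-relevant defaults but no comment saying what they mean. `EnableTeamSuperuser` defaulting to `false` reverses the previous behaviour, where team members always received the superuser flag, and `TeamAdminRole` defaulting to `admin` presumably assumes a role of that name exists in every managed cluster. I would add comments along the lines of `// EnableTeamSuperuser grants SUPERUSER to Teams API members; off by default` and `// TeamAdminRole is granted to team members when EnableTeamSuperuser is false; empty disables the grant`. The struct starts and ends outside the hunk.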