diff --git a/e2e/tests/test_e2e.py b/e2e/tests/test_e2e.py index 65f5decbf..9e990e013 100644 --- a/e2e/tests/test_e2e.py +++ b/e2e/tests/test_e2e.py @@ -164,9 +164,13 @@ class EndToEndTestCase(unittest.TestCase): Test granting additional roles to existing database owners ''' k8s = self.k8s + + # first test - wait for the operator to get in sync and set everything up + self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, + "Operator does not get in sync") leader = k8s.get_cluster_leader_pod() - # produce wrong membership from v1.8.0 + # produce wrong membership for cron_admin grant_dbowner = """ GRANT bar_owner TO cron_admin; """ diff --git a/pkg/util/users/users.go b/pkg/util/users/users.go index 8ce2d67da..fafd06c35 100644 --- a/pkg/util/users/users.go +++ b/pkg/util/users/users.go @@ -54,7 +54,6 @@ func (strategy DefaultUserSyncStrategy) ProduceSyncRequests(dbUsers spec.PgUserM } } else { r := spec.PgSyncUserRequest{} - r.User = dbUser newMD5Password := util.NewEncryptor(strategy.PasswordEncryption).PGUserPassword(newUser) // do not compare for roles coming from docker image @@ -62,12 +61,13 @@ func (strategy DefaultUserSyncStrategy) ProduceSyncRequests(dbUsers spec.PgUserM r.User.Password = newMD5Password r.Kind = spec.PGsyncUserAlter } - if addNewFlags, equal := util.SubstractStringSlices(newUser.Flags, dbUser.Flags); !equal { - r.User.Flags = addNewFlags - r.Kind = spec.PGsyncUserAlter - } if addNewRoles, equal := util.SubstractStringSlices(newUser.MemberOf, dbUser.MemberOf); !equal { r.User.MemberOf = addNewRoles + r.User.IsDbOwner = newUser.IsDbOwner + r.Kind = spec.PGsyncUserAlter + } + if addNewFlags, equal := util.SubstractStringSlices(newUser.Flags, dbUser.Flags); !equal { + r.User.Flags = addNewFlags r.Kind = spec.PGsyncUserAlter } if r.Kind == spec.PGsyncUserAlter { 
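Review bot: The added comment `# first test - wait for the operator to get in sync and set everything up` ties this wait to test ordering, which the hunk does not show and which breaks silently when a test is added or renamed. I would state the precondition instead, e.g. `# wait until the operator reports idle so the manual GRANT below does not race its initial sync` (the race is my reading of the intent, so adjust if the reason differs). If `eventuallyEqual` only calls its first argument, `k8s.get_operator_state` can be passed directly without the lambda. The test method starts and ends outside the hunk.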
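Review bot: In the `@@ -62` hunk of users.go, `r.User.IsDbOwner = newUser.IsDbOwner` is assigned only inside the MemberOf branch, with no explanation. Its only visible consumer is the `request.User.IsDbOwner && len(additionalOwnerRoles) > 0` check in ExecuteSyncRequests, so a comment such as `// IsDbOwner lets ExecuteSyncRequests resolve owner membership if this ALTER fails` would help. The `@@ -54` hunk appears to drop `r.User = dbUser`, so the request now carries only the fields assigned here. Please confirm that the `if r.Kind == spec.PGsyncUserAlter {` block, which continues outside the hunk, still sets `r.User.Name`, because ExecuteSyncRequests reads `request.User.Name`. Swapping the flags and roles blocks looks behaviour-neutral from the visible lines; if the order matters, a short comment should say why.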
@@ -118,6 +118,8 @@ func (strategy DefaultUserSyncStrategy) ExecuteSyncRequests(requests []spec.PgSy if err := strategy.alterPgUser(request.User, db); err != nil { reqretries = append(reqretries, request) errors = append(errors, fmt.Sprintf("could not alter user %q: %v", request.User.Name, err)) + // check if additional owners are misconfigured as members to a database owner + // resolve it by revoking the database owner from the additional owner role if request.User.IsDbOwner && len(additionalOwnerRoles) > 0 { if err := resolveOwnerMembership(request.User, additionalOwnerRoles, db); err != nil { errors = append(errors, fmt.Sprintf("could not resolve owner membership for %q: %v", request.User.Name, err))
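Review bot: The new comment names one failure cause, but the `resolveOwnerMembership` call below it runs after any `alterPgUser` error for a db owner with additional owner roles, not only after a membership conflict. By the comment's own description, that call revokes a role. I would make this explicit, e.g. `// alterPgUser can fail for other reasons too; the revoke is attempted on any error and the request stays queued in reqretries`, and write "members of" rather than "members to". Because the correction lives only on this error path, a wrong membership that does not make the ALTER fail is presumably left in place; please confirm that is intended. The surrounding loop starts and ends outside the hunk.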