diff --git a/db/src/main/resources/sql/user/create_admin_user.sql b/db/src/main/resources/sql/user/create_admin_user.sql
new file mode 100644
index 000000000..3980dcbc1
--- /dev/null
+++ b/db/src/main/resources/sql/user/create_admin_user.sql
@@ -0,0 +1,22 @@
+-- Copyright 2019 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+-- Script to create a user with read-write permission to schema 'public' and
+-- all tables.
+
+CREATE USER :username ENCRYPTED PASSWORD :'password';
+GRANT CONNECT ON DATABASE postgres TO :username;
+GRANT ALL PRIVILEGES ON SCHEMA public TO :username;
+GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO :username;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO :username;
diff --git a/db/src/main/resources/sql/user/create_readonly_user.sql b/db/src/main/resources/sql/user/create_readonly_user.sql
new file mode 100644
index 000000000..2b5d6b9c2
--- /dev/null
+++ b/db/src/main/resources/sql/user/create_readonly_user.sql
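Review bot: `:username` is substituted into `CREATE USER` and all four `GRANT` lines as raw text, while `:'password'` is quoted as a literal; the role name should use psql's identifier-quoting form, `CREATE USER :"username" ENCRYPTED PASSWORD :'password';` and `... TO :"username";`, so a value containing spaces, mixed case or extra SQL cannot alter the statement. The same applies to every statement in create_readonly_user.sql in this commit. The header comment says "read-write permission", but the script grants `ALL PRIVILEGES` on the schema, sequences and tables, which goes beyond read-write (CREATE on the schema; TRUNCATE, REFERENCES and TRIGGER on tables); I would reword it to `-- Script to create a user with all privileges on schema 'public' and its existing tables and sequences.` Because the cleartext password travels inside the statement text, it can end up in server statement logs when statement logging is enabled, which is worth a line in the header for whoever runs this.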
@@ -0,0 +1,21 @@
+-- Copyright 2019 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+-- Script to create a user with read-only permission to all tables.
+
+CREATE USER :username ENCRYPTED PASSWORD :'password';
+GRANT CONNECT ON DATABASE postgres TO :username;
+GRANT USAGE ON SCHEMA public TO :username;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO :username;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO :username;
diff --git a/db/src/main/resources/sql/user/create_table_readwrite_user.sql b/db/src/main/resources/sql/user/create_readwrite_user.sql
similarity index 100%
rename from db/src/main/resources/sql/user/create_table_readwrite_user.sql
rename to db/src/main/resources/sql/user/create_readwrite_user.sql
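Review bot: `GRANT USAGE, SELECT ON ALL SEQUENCES` gives the read-only role `USAGE`, which permits `nextval()` and so lets it advance sequences; for a role meant only to read, `GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO :username;` should be enough. The `ON ALL TABLES` and `ON ALL SEQUENCES` grants here (and in create_admin_user.sql) cover only objects that exist when the script runs, so the header comment should say so, or the script should be paired with an `ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ...` run as the role that creates the tables. On PostgreSQL releases before 15 the `public` schema by default lets every role create objects, so if that applies to this deployment, "read-only" also depends on `REVOKE CREATE ON SCHEMA public FROM PUBLIC` having been run.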