diff --git a/ansible/deploy.yaml b/ansible/deploy.yaml
index 9716c8f9401149ad3482a1c7b030b5c97438fd5d..d5db168befc89adcdcf5d7bcae7b6c8007afacae 100644
--- a/ansible/deploy.yaml
+++ b/ansible/deploy.yaml
@@ -72,6 +72,25 @@
                   insertbefore=BOF
     - name: restart postgresql service
       systemd: state=restarted name=postgresql enabled=yes
+    - become: yes
+      become_user: ippidb
+      gather_facts: no
+      vars:
+        dbname: ippidb
+        dbuser: ippidb
+        dbpassword: 'LeroyMerlin'
+      tasks:
+      - name: ensure database is created
+        postgresql_db: name={{dbname}}
+    
+      - name: ensure user has access to database
+        postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL
+    
+      - name: ensure user does not have unnecessary privilege
+        postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB
+      
+      - name: ensure no other user can access the database
+postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent
     #
     # Stop web server(s)
     #
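Review bot: The added `dbpassword: 'LeroyMerlin'` under `vars:` commits the database password in clear text, so anyone who can read the repository or its history holds the credential. Load it from an Ansible Vault-encrypted variable instead, e.g. `dbpassword: "{{ vault_ippidb_dbpassword }}"` (placeholder name), and rotate the current value, since it is already in history. The `ensure user has access to database` task passes the password as a module argument, so add `no_log: true` to that task to keep it out of task output and logs. Separately, the new item carries play-level keys (`gather_facts`, `tasks`) at the same indent as the preceding `restart postgresql service` task, which looks like a play nested inside a task list. The enclosing play starts outside the hunk, so confirm whether this should be a `block:` or a separate play.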