diff --git a/defaults/main.yml b/defaults/main.yml
index 2c5221f..49d27c2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -30,12 +30,15 @@ trove_api_program_name: trove-api
 trove_conductor_program_name: trove-conductor
 trove_taskmanager_program_name: trove-taskmanager
+trove_regular_user_name: regular_trove_user
+trove_admin_user_name: admin_trove_user
+
 trove_service_name: trove
-trove_service_user_name: trove
+trove_service_tenant_name: trove_for_trove_usage
 trove_service_type: database
 trove_service_description: "OpenStack DBaaS (Trove)"
 trove_service_project_name: service
-trove_service_role_names:
+trove_service_admin_role_names:
 - admin
 trove_service_region: RegionOne
 trove_service_host: "0.0.0.0"
diff --git a/extras/user_secrets.yml b/extras/user_secrets.yml
index 79156d3..816147c 100755
--- a/extras/user_secrets.yml
+++ b/extras/user_secrets.yml
@@ -2,3 +2,5 @@
 trove_galera_password:
 trove_rabbitmq_password:
 trove_service_password:
+trove_admin_user_password:
+trove_regular_user_password:
diff --git a/tasks/trove_service_setup.yml b/tasks/trove_service_setup.yml
index 179a370..fb4fad4 100644
--- a/tasks/trove_service_setup.yml
+++ b/tasks/trove_service_setup.yml
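Review bot: Nothing in the defaults/main.yml hunk keeps the old names `trove_service_user_name` and `trove_service_role_names` alive, so any template, task or deployer override that still uses them (none is visible in this diff) will either fail on an undefined variable or be silently ignored. `trove_service_password` also stays in extras/user_secrets.yml and tests/test-vars.yml although the only task shown reading it now uses `trove_regular_user_password`, which leaves a generated secret with no visible consumer. I would either keep the old names as documented aliases for one release or remove the unused secret. A comment above the two new names such as `# Keystone accounts created in trove_service_tenant_name; the admin one receives trove_service_admin_role_names` would also help.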
@@ -15,6 +15,27 @@
 #
 # (c) 2016 Donovan Francesco
 # (c) 2016 Paul Stevens
+# Reference: http://docs.openstack.org/developer/trove/dev/manual_install.html
+- name: Ensure the trove tenant exists
+ keystone:
+ command: "ensure_tenant"
+ endpoint: "{{ keystone_service_adminurl }}"
+ login_user: "{{ keystone_admin_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ login_project_name: "{{ keystone_admin_tenant_name }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ tenant_name: "{{ trove_service_tenant_name }}"
+ project_name: "{{ trove_service_project_name }}"
+ description: "{{ trove_service_description }}"
+ register: add_trove_tenant
+ until: add_trove_tenant |success
+ retries: 5
+ delay: 2
+ tags:
+ - trove-api-setup
+ - trove-service-add
+ - trove-setup
+
 - name: Ensure the service for trove exists
 keystone:
 command: "ensure_service"
@@ -35,7 +56,7 @@
 - trove-service-add
 - trove-setup
-- name: Ensure the trove user exists
+- name: Ensure the trove regular user exists
 keystone:
 command: "ensure_user"
 endpoint: "{{ keystone_service_adminurl }}"
@@ -43,11 +64,12 @@
 login_password: "{{ keystone_auth_admin_password }}"
 login_project_name: "{{ keystone_admin_tenant_name }}"
 insecure: "{{ keystone_service_adminuri_insecure }}"
- user_name: "{{ trove_service_user_name }}"
- tenant_name: "{{ trove_service_project_name }}"
- password: "{{ trove_service_password }}"
- register: add_trove_user
- until: add_trove_user |success
+ user_name: "{{ trove_regular_user_name }}"
+ tenant_name: "{{ trove_service_tenant_name }}"
+ password: "{{ trove_regular_user_password }}"
+ project_name: "{{ trove_service_project_name }}"
+ register: add_trove_regular_user
+ until: add_trove_regular_user |success
 retries: 5
 delay: 2
 tags:
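Review bot: `tenant_name` and `project_name` are both set on the new `ensure_tenant` task in tasks/trove_service_setup.yml, and by default they name two different projects (`trove_for_trove_usage` and `service`). If the keystone module treats the two as aliases of one parameter, which its argument spec should confirm, only one value takes effect and the playbook does not show which project is actually created. The same pair is added to both `ensure_user` tasks and to the `ensure_user_role` task in the later hunks, where it decides the project on which the `admin` role is granted. I would pass a single project parameter per task, keeping only `tenant_name: "{{ trove_service_tenant_name }}"`, and state in a comment that the users and the role belong to that tenant.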
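Review bot: No role is granted to `trove_regular_user_name` after the `ensure_user` change in the `@@ -43,11 +64,12 @@` hunk; the only `ensure_user_role` task the diff shows targets `trove_admin_user_name`. Unless the module or Keystone adds an implicit member role, this account presumably cannot obtain a token scoped to `trove_service_tenant_name`. If that is intended, a comment such as `# regular user deliberately has no explicit role; see the manual_install reference` would record it; otherwise a second `ensure_user_role` task with a non-admin role list is needed. The task begins above this hunk, at the `- name:` line changed in the preceding hunk.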
@@ -56,22 +78,45 @@
 - trove-user-add
 - trove-setup
-- name: Ensure the trove user has the admin role
+- name: Ensure the trove admin user exists
+ keystone:
+ command: "ensure_user"
+ endpoint: "{{ keystone_service_adminurl }}"
+ login_user: "{{ keystone_admin_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ login_project_name: "{{ keystone_admin_tenant_name }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ user_name: "{{ trove_admin_user_name }}"
+ tenant_name: "{{ trove_service_tenant_name }}"
+ password: "{{ trove_admin_user_password }}"
+ project_name: "{{ trove_service_project_name }}"
+ register: add_trove_admin_user
+ until: add_trove_admin_user |success
+ retries: 5
+ delay: 2
+ tags:
+ - trove-api-setup
+ - trove-service-add
+ - trove-user-add
+ - trove-setup
+
+- name: Ensure the trove admin user has the admin role
 keystone:
 command: "ensure_user_role"
 endpoint: "{{ keystone_service_adminurl }}"
 login_user: "{{ keystone_admin_user_name }}"
 login_password: "{{ keystone_auth_admin_password }}"
 login_project_name: "{{ keystone_admin_tenant_name }}"
- user_name: "{{ trove_service_user_name }}"
- tenant_name: "{{ trove_service_project_name }}"
+ user_name: "{{ trove_admin_user_name }}"
+ tenant_name: "{{ trove_service_tenant_name }}"
 role_name: "{{ item }}"
 insecure: "{{ keystone_service_adminuri_insecure }}"
- register: ensure_trove_roles
- until: ensure_trove_roles |success
+ project_name: "{{ trove_service_project_name }}"
+ register: ensure_trove_admin_roles
+ until: ensure_trove_admin_roles |success
 retries: 5
 delay: 2
- with_items: "{{ trove_service_role_names }}"
+ with_items: "{{ trove_service_admin_role_names }}"
 - name: Ensure the trove endpoint is registered
 keystone:
diff --git a/tests/test-vars.yml b/tests/test-vars.yml
index b646eaa..525b537 100644
--- a/tests/test-vars.yml
+++ b/tests/test-vars.yml
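Review bot: The `ensure_user_role` task in tasks/trove_service_setup.yml grants every role in `trove_service_admin_role_names` (default `admin`) to `trove_admin_user_name`, and a Keystone policy that tests only `role:admin` treats that as administrator rights beyond `trove_service_tenant_name`. Confirm that the deployed policy scopes the role, or grant a narrower one. The previous grantee, `trove_service_user_name` in `trove_service_project_name`, is no longer managed by any visible task, so on an upgraded deployment that account presumably keeps its admin role and old password until it is removed by hand. I would add `# admin on trove_service_tenant_name only; check keystone policy before widening` above the task, plus a cleanup task or upgrade note for the old account. The role task also has no `tags:` while the new user task does, so a run limited to `trove-user-add` creates the admin user without its role.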
@@ -29,6 +29,8 @@ trove_rabbitmq_userid: trove
 trove_rabbitmq_vhost: /trove
 trove_requirements_git_install_branch: master
 trove_service_password: "secrete"
+trove_regular_user_password: "secrete"
+trove_admin_user_password: "secrete"
 trove_service_project_domain_id: default
 trove_service_project_name: service
 trove_service_region: RegionOne
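Review bot: `trove_regular_user_password` and `trove_admin_user_password` in tests/test-vars.yml have the same value as `trove_service_password`, so the functional test cannot detect a task that templates the wrong password variable for a user. Three distinct placeholders would catch that, for example `trove_regular_user_password: "regular-secrete"` and `trove_admin_user_password: "admin-secrete"` (constructed sample values).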