diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
index a298571ff..f1e149c3c 100644
--- a/common.vars.pkr.hcl
+++ b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.1.61"
+postgres-version = "15.1.1.61-revoke-storage-admin-1"
diff --git a/migrations/db/migrations/20240606060239_grant_predefined_roles_to_postgres.sql b/migrations/db/migrations/20240606060239_grant_predefined_roles_to_postgres.sql
new file mode 100644
index 000000000..324e12416
--- /dev/null
+++ b/migrations/db/migrations/20240606060239_grant_predefined_roles_to_postgres.sql
@@ -0,0 +1,4 @@
+-- migrate:up
+grant pg_read_all_data, pg_signal_backend to postgres;
+
+-- migrate:down
diff --git a/migrations/db/migrations/20240607084701_revoke_supabase_storage_admin_from_postgres.sql b/migrations/db/migrations/20240607084701_revoke_supabase_storage_admin_from_postgres.sql
new file mode 100644
index 000000000..4c854bdde
--- /dev/null
+++ b/migrations/db/migrations/20240607084701_revoke_supabase_storage_admin_from_postgres.sql
@@ -0,0 +1,6 @@
+-- migrate:up
+revoke supabase_storage_admin from postgres;
+revoke create on schema storage from postgres;
+revoke all on storage.migrations from anon, authenticated, service_role, postgres;
+
+-- migrate:down
diff --git a/migrations/tests/database/privs.sql b/migrations/tests/database/privs.sql
index 217da662a..d5d4f590a 100644
--- a/migrations/tests/database/privs.sql
+++ b/migrations/tests/database/privs.sql
@@ -1,4 +1,3 @@
-
 SELECT database_privs_are( 'postgres', 'postgres', ARRAY['CONNECT', 'TEMPORARY', 'CREATE'] );
@@ -28,3 +27,6 @@ SELECT schema_privs_are('extensions', 'postgres', array['CREATE', 'USAGE']);
 SELECT schema_privs_are('extensions', 'anon', array['USAGE']);
 SELECT schema_privs_are('extensions', 'authenticated', array['USAGE']);
 SELECT schema_privs_are('extensions', 'service_role', array['USAGE']);
+
+-- Role memberships
+SELECT isnt_member_of('supabase_storage_admin', 'postgres');
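Review bot: The `-- migrate:down` section of 20240606060239_grant_predefined_roles_to_postgres.sql is empty, so a rollback leaves `postgres` holding both predefined roles; 20240607084701_revoke_supabase_storage_admin_from_postgres.sql has the same empty section. Either add the inverse statement, `revoke pg_read_all_data, pg_signal_backend from postgres;`, or mark the no-op as deliberate with a comment such as `-- intentionally empty: role grants are not rolled back`. `pg_read_all_data` confers SELECT on every table, view and sequence in the database, so a one-line comment above the grant saying why `postgres` needs it would help whoever audits this role later.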
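Review bot: `revoke all on storage.migrations from anon, authenticated, service_role, postgres;` does not remove read access for `postgres`, because the migration immediately before this one grants it `pg_read_all_data`, which confers SELECT on all tables regardless of per-table grants. If that is the intended end state, say so above the statement: `-- postgres still has SELECT on storage.migrations through pg_read_all_data; this revoke removes its other table privileges`. The statement also names a single table; if `storage.migrations` is created by the storage service rather than by an earlier migration (not visible in this diff), the revoke would fail on a fresh database, so confirm the table exists at this point in the migration order.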
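Review bot: Only the role-membership revoke is asserted in the second privs.sql hunk; nothing in the added lines checks the other two statements of the migration, the `create` revoke on schema `storage` and the table revoke on `storage.migrations`. Unless another test file already covers them, add matching assertions next to this one, for example `SELECT schema_privs_are('storage', 'postgres', array['USAGE']);` (the expected privilege set is assumed here; adjust it to what the schema really grants) and a `table_privs_are` check for `anon`, `authenticated` and `service_role` on `storage.migrations`. Without them a later migration could restore CREATE on the schema and this suite would still pass.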
diff --git a/migrations/tests/test.sql b/migrations/tests/test.sql
index 6bd7f23a2..7afa40645 100644
--- a/migrations/tests/test.sql
+++ b/migrations/tests/test.sql
@@ -5,7 +5,7 @@ BEGIN;
 CREATE EXTENSION IF NOT EXISTS pgtap;
-SELECT plan(34);
+SELECT no_plan();
 \ir fixtures.sql
 \ir database/test.sql
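Review bot: Replacing `SELECT plan(34);` with `SELECT no_plan();` drops the check that every expected assertion actually ran, so an included file that stops being loaded, or a privilege assertion that gets deleted, no longer fails the suite. These tests guard role and privilege boundaries, so keeping the count is worth the upkeep: `SELECT plan(35);` if the one assertion added in privs.sql is the only new test (count inferred from this diff; verify). If `no_plan()` stays, confirm that the end of the file, which is outside this hunk, calls `SELECT * FROM finish();`.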