diff --git a/README.md b/README.md
index ecb34cd58..ea63d2b97 100644
--- a/README.md
+++ b/README.md
@@ -218,8 +218,8 @@ Three roles are created: - **explorer-generator**: Suitable for generating and updating summaries (ie. Running `cubedash-gen`) - **explorer-owner**: For creating and updating the schema. (ie. Running `cubedash-gen --init`) -Note that these roles extend the built-in datacube role `agdc_user`. If you -created your datacube without permissions, a stand-alone creator of the `agdc_user` +Note that these roles extend the built-in datacube role `agdc_user` (using postgres) or `odc_user` (using postgis). +If you created your datacube without permissions, a stand-alone creator of the appropriate role is available as a prerequisite in the same [roles](cubedash/summary/roles) directory.
diff --git a/cubedash/summary/roles/postgis/10-prereq-datacube-user.sql b/cubedash/summary/roles/postgis/10-prereq-datacube-user.sql
new file mode 100644
index 000000000..6ab1917b1
--- /dev/null
+++ b/cubedash/summary/roles/postgis/10-prereq-datacube-user.sql
@@ -0,0 +1,21 @@
+
+--
+-- This is a stand-alone copy of the built-in datacube odc_user role.
+--
+-- It's built-in to datacube but optional:
+-- https://github.com/opendatacube/datacube-core/blob/1353bde7e2cc0bb095b53a60351fd5c301d1b3c4/datacube/drivers/postgres/_core.py#L118-L120
+--
+-- You do not need to run this file if you already use datacube's
+-- default roles.
+--
+-- Explorer is a datacube user, and so its roles extend odc_user.
+--
+begin;
+
+create role odc_user nologin inherit;
+comment on role odc_user is 'Default read-only datacube user role';
+grant usage on schema odc to odc_user;
+grant select on all tables in schema odc to odc_user;
+grant execute on function odc.common_timestamp(TEXT) to odc_user;
+
+commit;
diff --git a/cubedash/summary/roles/postgis/20-role-creation.sql b/cubedash/summary/roles/postgis/20-role-creation.sql
new file mode 100644
index 000000000..a91bfee6b
--- /dev/null
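Review bot: The header comment of postgis/10-prereq-datacube-user.sql describes the `odc_user` role but links to `datacube/drivers/postgres/_core.py#L118-L120`, which is the postgres driver's path and presumably defines `agdc_user` rather than `odc_user`. Anyone auditing whether this stand-alone copy grants the same privileges as the built-in role would be comparing against the wrong driver. I would point the link at the postgis driver's role definition, pinned to a commit as the existing link is. I would also add a comment above the table grant, e.g. `-- grant select on all tables only covers tables that exist when this runs; re-run after schema changes`, because the file sets no default privileges.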
+++ b/cubedash/summary/roles/postgis/20-role-creation.sql
@@ -0,0 +1,29 @@
+
+--
+-- Create the three Explorer roles.
+--
+-- This can be run on an existing host if adding the roles for the first time.
+--
+begin;
+
+----- Explorer Viewer -----
+-- A read-only user of datacube and explorer
+-- (Suitable for Web interface, cli commands)
+create user explorer_viewer inherit in role odc_user;
+comment on role explorer_viewer is 'Explorer read-only viewer';
+grant usage on schema cubedash to explorer_viewer;
+grant select on all tables in schema cubedash to explorer_viewer;
+
+----- Explorer Generator -----
+-- Suitable for generating and updating summaries
+-- (ie. Running `cubedash-gen`)
+create user explorer_generator inherit in role explorer_viewer;
+comment on role explorer_generator is 'Explorer data summariser (for running cubedash-gen)';
+
+----- Explorer Owner -----
+-- For creating and updating the schema.
+-- (ie. Running `cubedash-gen --init`)
+create user explorer_owner inherit in role explorer_generator;
+comment on role explorer_owner is 'Explorer schema creator and updater';
+
+commit;
diff --git a/cubedash/summary/roles/10-prereq-datacube-user.sql b/cubedash/summary/roles/postgres/10-prereq-datacube-user.sql
similarity index 100%
rename from cubedash/summary/roles/10-prereq-datacube-user.sql
rename to cubedash/summary/roles/postgres/10-prereq-datacube-user.sql
diff --git a/cubedash/summary/roles/20-role-creation.sql b/cubedash/summary/roles/postgres/20-role-creation.sql
similarity index 100%
rename from cubedash/summary/roles/20-role-creation.sql
rename to cubedash/summary/roles/postgres/20-role-creation.sql
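Review bot: The three `create user` statements in postgis/20-role-creation.sql create login-capable roles (`create user` implies LOGIN) with no password, so whether anyone can connect as `explorer_viewer`, `explorer_generator` or `explorer_owner` is decided entirely by pg_hba.conf. On a host that allows trust authentication, that includes the role meant for creating and updating the schema. I would add a comment before the first statement, e.g. `-- These roles can log in and have no password; set one with ALTER ROLE ... PASSWORD or restrict them in pg_hba.conf before use.` Separately, `grant select on all tables in schema cubedash` only covers tables that exist when the script runs, so tables created later by `cubedash-gen --init` are presumably not readable by `explorer_viewer` unless the grant is repeated.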