diff --git a/Shogi.Api/Models/User.cs b/Shogi.Api/Models/User.cs index 0199f82..a0620b6 100644 --- a/Shogi.Api/Models/User.cs +++ b/Shogi.Api/Models/User.cs @@ -30,10 +30,6 @@ public class User public WhichLoginPlatform LoginPlatform { get; } - public bool IsGuest => LoginPlatform == WhichLoginPlatform.Guest; - - public bool IsAdmin => LoginPlatform == WhichLoginPlatform.Microsoft && Id == "Hauth@live.com"; - public User(string id, string displayName, WhichLoginPlatform platform) { Id = id; diff --git a/Shogi.Api/Program.cs b/Shogi.Api/Program.cs index b7d1367..6f79d4f 100644 --- a/Shogi.Api/Program.cs +++ b/Shogi.Api/Program.cs @@ -48,16 +48,17 @@ namespace Shogi.Api // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { - app.UseSwagger(); - app.UseSwaggerUI(options => - { - options.OAuthScopes("api://c1e94676-cab0-42ba-8b6c-9532b8486fff/DefaultScope"); - options.OAuthConfigObject.ClientId = builder.Configuration["AzureAd:SwaggerUIClientId"]; - options.OAuthConfigObject.UsePkceWithAuthorizationCodeGrant = true; - }); app.UseHttpsRedirection(); // Apache handles HTTPS in production. } + app.UseSwagger(); + app.UseSwaggerUI(options => + { + options.OAuthScopes("api://c1e94676-cab0-42ba-8b6c-9532b8486fff/DefaultScope"); + options.OAuthConfigObject.ClientId = builder.Configuration["AzureAd:SwaggerUIClientId"]; + options.OAuthConfigObject.UsePkceWithAuthorizationCodeGrant = true; + }); + UseCorsAndWebSockets(app, allowedOrigins); app.UseAuthentication(); @@ -211,6 +212,7 @@ namespace Shogi.Api BearerFormat = "JWT", In = ParameterLocation.Header, }); + // This adds the lock symbol next to every route in SwaggerUI. options.AddSecurityRequirement(new OpenApiSecurityRequirement { diff --git a/Shogi.Database/FirstTimeSetup.sql b/Shogi.Database/FirstTimeSetup.sql new file mode 100644 index 0000000..ed1a8d6 --- /dev/null +++ b/Shogi.Database/FirstTimeSetup.sql 
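Review bot: With `app.UseSwagger()` and `app.UseSwaggerUI(...)` moved out of the `IsDevelopment()` block in Program.cs, the OpenAPI document and the UI are served in every environment, and both are registered ahead of `app.UseAuthentication()`, so they appear to be reachable without a token. If production exposure is intended, say so in a comment next to the calls; otherwise keep them behind a switch, e.g. `if (app.Environment.IsDevelopment() || builder.Configuration.GetValue<bool>("Swagger:Enabled"))` (the key name is a placeholder). `builder.Configuration["AzureAd:SwaggerUIClientId"]` now also has to be present in production configuration, since a missing key yields null. The enclosing method starts and ends outside this hunk.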
@@ -0,0 +1,7 @@
+-- Create a user named Shogi.Api
+
+-- Create a role and grant execute permission to that role
+--CREATE ROLE db_executor
+--GRANT EXECUTE To db_executor
+
+-- Give Shogi.Api user permission to db_executor, db_datareader, db_datawriter
\ No newline at end of file
diff --git a/Shogi.Database/Shogi.Database.sqlproj b/Shogi.Database/Shogi.Database.sqlproj
index 75317b6..e2c8d6b 100644
--- a/Shogi.Database/Shogi.Database.sqlproj
+++ b/Shogi.Database/Shogi.Database.sqlproj
@@ -95,5 +95,6 @@ + \ No newline at end of file
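Review bot: The grants sketched in the new FirstTimeSetup.sql are broader than its comments justify: `GRANT EXECUTE To db_executor` has no `ON` clause, so it would apply database-wide, and the last comment adds db_datareader and db_datawriter on top of that. If Shogi.Api reaches its data only through stored procedures (not visible in this diff), the two table roles can be dropped and execute can be scoped, e.g. `GRANT EXECUTE ON SCHEMA::dbo TO db_executor;` (the schema name is a placeholder for wherever the procedures live). The user-creation and role-membership steps exist only as comments, so a header line such as `-- Manual checklist; not executed by the database project` would make clear whether this file is meant to be run.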