diff --git a/.env b/.env
index 53dd45f..9042c81 100644
--- a/.env
+++ b/.env
@@ -3,7 +3,7 @@ DB_HOST=ncue.net
 DB_PORT=5432
 DB_NAME=ncue
 DB_USER=ncue
-DB_PASSWORD=REPLACE_ME
+DB_PASSWORD=ncue5004!
 TABLE=ncue_user
 
 ## Auth0 (server-side)
diff --git a/db/schema.sql b/db/schema.sql
index cc40004..22c9546 100644
--- a/db/schema.sql
+++ b/db/schema.sql
@@ -18,6 +18,7 @@ BEGIN
       first_login_at timestamptz,
       last_login_at  timestamptz,
       last_logout_at timestamptz,
+      is_admin       boolean NOT NULL DEFAULT false,
       can_manage     boolean NOT NULL DEFAULT false,
       created_at     timestamptz NOT NULL DEFAULT now(),
       updated_at     timestamptz NOT NULL DEFAULT now()
@@ -30,6 +31,12 @@ END $$;
 -- Backward-compatible migration (if table already exists)
 ALTER TABLE public.ncue_user ADD COLUMN IF NOT EXISTS first_login_at timestamptz;
 ALTER TABLE public.ncue_user ADD COLUMN IF NOT EXISTS last_logout_at timestamptz;
+ALTER TABLE public.ncue_user ADD COLUMN IF NOT EXISTS is_admin boolean NOT NULL DEFAULT false;
+
+-- Backward-compat: previously can_manage was used as admin flag. Preserve existing admins.
+UPDATE public.ncue_user SET is_admin = true WHERE can_manage = true AND is_admin = false;
+-- Keep can_manage consistent with is_admin going forward.
+UPDATE public.ncue_user SET can_manage = is_admin WHERE can_manage IS DISTINCT FROM is_admin;
 
 -- App config (shared across browsers)
 CREATE TABLE IF NOT EXISTS public.ncue_app_config (