diff --git a/backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs b/backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
index 7330378..0dedd27 100644
--- a/backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
+++ b/backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
@@ -57,23 +57,38 @@ public class CustomWebApplicationFactory : WebApplicationFactory(); db.Database.Migrate(); - using var conn = new Npgsql.NpgsqlConnection(_postgresContainer.GetConnectionString()); - conn.Open(); - using var cmd = conn.CreateCommand(); - cmd.CommandText = @" - DO $$ BEGIN - IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN - CREATE USER rls_test_user WITH PASSWORD 'rlspass'; - GRANT CONNECT ON DATABASE workclub_test TO rls_test_user; - GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user; - GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user; - END IF; - IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN - CREATE ROLE app_admin; - END IF; - END $$; - "; - cmd.ExecuteNonQuery(); + using var conn = new Npgsql.NpgsqlConnection(_postgresContainer.GetConnectionString()); + conn.Open(); + using var cmd = conn.CreateCommand(); + cmd.CommandText = @" + DO $$ BEGIN + -- Create test user for RLS + IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'rls_test_user') THEN + CREATE USER rls_test_user WITH PASSWORD 'rlspass'; + END IF; + + -- Grant basic permissions to test user + GRANT CONNECT ON DATABASE workclub_test TO rls_test_user; + GRANT USAGE ON SCHEMA public TO rls_test_user; + GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user; + GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user; + + -- Create app_admin role for bypassing RLS + IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN + CREATE ROLE app_admin WITH BYPASSRLS; + END IF; + + -- Grant app_admin full access to tables + GRANT CONNECT ON DATABASE workclub_test TO app_admin; + GRANT USAGE ON SCHEMA public TO app_admin; + GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin; + GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_admin; + + -- Allow rls_test_user to assume app_admin role + GRANT app_admin 
TO rls_test_user; + END $$; + "; + cmd.ExecuteNonQuery(); }); builder.UseEnvironment("Test");
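Review bot: The final `GRANT app_admin TO rls_test_user` makes the role that is meant to be constrained by row-level security a member of a BYPASSRLS role that also holds `ALL PRIVILEGES` on every table. In PostgreSQL the BYPASSRLS attribute is not inherited through membership and only applies after `SET ROLE app_admin`, but the table privileges are inherited by default, and those include TRUNCATE, which row security policies do not cover. If the tests only need an admin path for seeding, narrowing the grant to `GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_admin;` and adding a SQL comment such as `-- BYPASSRLS takes effect only after SET ROLE app_admin; rls_test_user stays subject to RLS otherwise` would keep the isolation tests meaningful. The enclosing configuration block starts outside this hunk, so how the tests switch roles cannot be seen here.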