diff --git a/README.md b/README.md
index cd61999..5536ce6 100644
--- a/README.md
+++ b/README.md
@@ -12,9 +12,10 @@ None.
 
 Available variables are listed below, along with default values (see `vars/main.yml`):
 
+    mysql_user_provisioning: root
     mysql_user_home: /root
 
-The home directory inside which Python MySQL settings will be stored, which Ansible will use when connecting to MySQL. This should be the home directory of the user which runs this Ansible role.
+The user this role will use, along with the home directory inside which Python MySQL settings will be stored, when Ansible connects to MySQL for administrative purposes.
 
     mysql_root_password: root
 
diff --git a/defaults/main.yml b/defaults/main.yml
index c966bcb..6cff654 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+mysql_user_provisioning: root
 mysql_user_home: /root
 mysql_root_username: root
 mysql_root_password: root
diff --git a/tasks/secure-installation.yml b/tasks/secure-installation.yml
index f02af77..863e3c9 100644
--- a/tasks/secure-installation.yml
+++ b/tasks/secure-installation.yml
@@ -3,6 +3,8 @@
   command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC'
   register: mysql_root_hosts
   changed_when: false
+  sudo: yes
+  sudo_user: "{{ mysql_user_provisioning }}"
 
 # 'localhost' needs to be last for idempotency.
 - name: Update MySQL root password for localhost root account.