diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index f8924b6..ac2d3e7 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -45,14 +45,6 @@ interface(`postgresql_role',`
 	# Client local policy
 	#
 
-	tunable_policy(`sepgsql_enable_users_ddl',`
-		allow $2 user_sepgsql_table_t:db_table { create drop setattr };
-		allow $2 user_sepgsql_table_t:db_column { create drop setattr };
-
-		allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
-		allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-	')
-
 	allow $2 user_sepgsql_table_t:db_table	{ getattr use select update insert delete lock };
 	allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
 	allow $2 user_sepgsql_table_t:db_tuple	{ use select update insert delete };
@@ -69,6 +61,14 @@ interface(`postgresql_role',`
 
 	allow $2 sepgsql_trusted_proc_t:process transition;
 	type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+
+	tunable_policy(`sepgsql_enable_users_ddl',`
+		allow $2 user_sepgsql_table_t:db_table { create drop setattr };
+		allow $2 user_sepgsql_table_t:db_column { create drop setattr };
+
+		allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
+		allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+	')
 ')
 
 ########################################
@@ -358,13 +358,6 @@ interface(`postgresql_unpriv_client',`
 	type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
 	allow $1 sepgsql_trusted_proc_t:process transition;
 
-	tunable_policy(`sepgsql_enable_users_ddl',`
-		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
-		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
-		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
-		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-	')
-
 	allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
 	allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
 	allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
@@ -378,6 +371,13 @@ interface(`postgresql_unpriv_client',`
 
 	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
 	type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
+
+	tunable_policy(`sepgsql_enable_users_ddl',`
+		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
+		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
+		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
+		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+	')
 ')
 
 ########################################