diff --git a/molecule/zammad/converge.yml b/molecule/zammad/converge.yml
index 9a60aed3..131d2e08 100644
--- a/molecule/zammad/converge.yml
+++ b/molecule/zammad/converge.yml
@@ -6,9 +6,11 @@
 ---
 - name: "Converge"
   hosts: "all"
+  become: false
   tasks:
 
     - name: "Get private key content"
+      become: true
       ansible.builtin.command: "cat /etc/ssl/private/ssl-cert-snakeoil.key"
       changed_when: false
       check_mode: false
diff --git a/molecule/zammad/molecule.yml b/molecule/zammad/molecule.yml
index 4fa54629..b7e506c5 100644
--- a/molecule/zammad/molecule.yml
+++ b/molecule/zammad/molecule.yml
@@ -26,5 +26,10 @@ provisioner:
   playbooks:
     prepare: "prepare.yml"
     converge: "converge.yml"
+  inventory:
+    hosts:
+      all:
+        vars:
+          ansible_user: "ansible"
 verifier:
   name: "ansible"
diff --git a/molecule/zammad/prepare.yml b/molecule/zammad/prepare.yml
index 51f74317..d27429f5 100644
--- a/molecule/zammad/prepare.yml
+++ b/molecule/zammad/prepare.yml
@@ -6,6 +6,7 @@
 ---
 - name: "Prepare"
   hosts: "all"
+  become: true
   vars:
     # Apply suggested Elasticsearch configuration
     elasticsearch_version: "8.x"
diff --git a/roles/zammad/handlers/main.yml b/roles/zammad/handlers/main.yml
index 54e5ebca..f031fde3 100644
--- a/roles/zammad/handlers/main.yml
+++ b/roles/zammad/handlers/main.yml
@@ -5,16 +5,19 @@
 
 ---
 - name: "Reload nginx"
+  become: true
   ansible.builtin.service:
     name: "nginx"
     state: "reloaded"
 
 - name: "Set Elasticsearch server address"
+  become: true
   ansible.builtin.command: >-
     zammad run rails r "Setting.set('es_url', '{{ zammad_elasticsearch_url | quote }}')"
   changed_when: true
 
 - name: "Build search index"
+  become: true
   ansible.builtin.command: "zammad run rake zammad:searchindex:rebuild"
   changed_when: true
   when: "not __zammad_is_installed or zammad_force_es_searchindex_rebuild"
diff --git a/roles/zammad/tasks/install.yml b/roles/zammad/tasks/install.yml
index 7955a05b..0ec6bff3 100644
--- a/roles/zammad/tasks/install.yml
+++ b/roles/zammad/tasks/install.yml
@@ -10,11 +10,13 @@
   block:
 
     - name: "Install | Install EPEL repo"
+      become: true
       ansible.builtin.dnf:
         name: "epel-release"
         state: "present"
 
     - name: "Install | Add Zammad yum repository"
+      become: true
       ansible.builtin.yum_repository:
         name: "zammad"
         state: "present"
@@ -31,11 +33,13 @@
   block:
 
     - name: "Remove Zammad apt key from legacy trusted.gpg keyring"
+      become: true
       ansible.builtin.apt_key:
         url: "https://dl.packager.io/srv/zammad/zammad/key"
         state: "absent"
 
     - name: "Remove Zammad DEB repository from sources.list"
+      become: true
       ansible.builtin.apt_repository:
         repo: "deb https://dl.packager.io/srv/deb/zammad/zammad/{{ zammad_release_channel }}/ubuntu {{ ansible_facts.distribution_version }} main"
         state: "absent"
@@ -43,6 +47,7 @@
         update_cache: false
 
     - name: "Install | Add Zammad DEB repository"
+      become: true
       ansible.builtin.deb822_repository:
         name: "zammad"
         types: "deb"
@@ -56,6 +61,7 @@
         enabled: true
 
     - name: "Update apt cache"
+      become: true
       ansible.builtin.apt:
         update_cache: true
       changed_when: false
@@ -69,6 +75,7 @@
     __zammad_is_installed: "{{ 'zammad' in ansible_facts.packages }}"
 
 - name: "Install | Install Zammad package"
+  become: true
   ansible.builtin.package:
     name: "zammad={{ zammad_version }}*"
     state: "present"
@@ -78,6 +85,7 @@
     - "Build search index"
 
 - name: "Install | Start and enable services"
+  become: true
   ansible.builtin.service:
     name: "{{ item }}"
     state: "started"
diff --git a/roles/zammad/tasks/nginx-config.yml b/roles/zammad/tasks/nginx-config.yml
index 8005f0cb..4cd936a0 100644
--- a/roles/zammad/tasks/nginx-config.yml
+++ b/roles/zammad/tasks/nginx-config.yml
@@ -6,6 +6,7 @@
 ---
 
 - name: "Nginx | Create config"
+  become: true
   ansible.builtin.template:
     src: "nginx-zammad.conf.j2"
     dest: "{{ zammad_nginx_config_path }}"
diff --git a/roles/zammad/tasks/ssl.yml b/roles/zammad/tasks/ssl.yml
index 92dfd034..9512ac51 100644
--- a/roles/zammad/tasks/ssl.yml
+++ b/roles/zammad/tasks/ssl.yml
@@ -6,6 +6,7 @@
 ---
 
 - name:  "SSL | Insert private key"
+  become: true
   ansible.builtin.blockinfile:
     path: "{{ zammad_ssl_key_path }}"
     create: true
@@ -17,6 +18,7 @@
   when: "zammad_ssl_key | default('') | length > 0"
 
 - name: "SSL | Insert certificate"
+  become: true
   ansible.builtin.blockinfile:
     path: "{{ zammad_ssl_cert_path }}"
     create: true
@@ -34,6 +36,7 @@
   ignore_errors: "{{ ansible_check_mode }}"
 
 - name: "SSL | Ensure certificate and private key match"
+  become: true
   community.crypto.openssl_privatekey_info:
     path: "{{ zammad_ssl_key_path }}"
   register: "__private_key"