diff --git a/api/kiwi_vpn_api/db/schemas.py b/api/kiwi_vpn_api/db/schemas.py
index a1fbdf1..935d7d5 100644
--- a/api/kiwi_vpn_api/db/schemas.py
+++ b/api/kiwi_vpn_api/db/schemas.py
@@ -160,21 +160,22 @@ class User(UserBase):
 
         return True
 
-    def add_capabilities(
+    def update(
         self,
         db: Session,
-        capabilities: list[UserCapability],
     ) -> None:
         """
-        Add some capabilities to this user.
+        Update this user in the database.
         """
 
-        for capability in capabilities:
-            if capability not in self.capabilities:
-                db.add(models.UserCapability(
-                    user_name=self.name,
-                    capability=capability.value,
-                ))
+        old_dbuser = models.User.load(db, self.name)
+        old_user = self.from_orm(old_dbuser)
+
+        for capability in self.capabilities:
+            if capability not in old_user.capabilities:
+                old_dbuser.capabilities.append(
+                    models.UserCapability(capability=capability.value)
+                )
 
         db.commit()
 
diff --git a/api/kiwi_vpn_api/routers/admin.py b/api/kiwi_vpn_api/routers/admin.py
index 1de8cca..9e1f8bc 100644
--- a/api/kiwi_vpn_api/routers/admin.py
+++ b/api/kiwi_vpn_api/routers/admin.py
@@ -39,15 +39,15 @@ async def install(
 
     # create an administrative user
     with Connection.use() as db:
-        User.create(
+        new_user = User.create(
             db=db,
             user=admin_user,
             crypt_context=await config.crypto.crypt_context,
-        ).add_capabilities(
-            db=db,
-            capabilities=[UserCapability.admin],
         )
 
+        new_user.capabilities.append(UserCapability.admin)
+        new_user.update(db)
+
 
 @router.put(
     "/config",