diff --git a/ansible/group_vars/all/kolla b/ansible/group_vars/all/kolla index 4b639fe1f..4a282fb61 100644 --- a/ansible/group_vars/all/kolla +++ b/ansible/group_vars/all/kolla @@ -298,6 +298,16 @@ kolla_openstack_logging_debug: "False" # Upper constraints file for installation of Kolla. kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt" +# User account to use for Kolla SSH access. +kolla_ansible_user: kolla + +# Primary group of Kolla SSH user. +kolla_ansible_group: kolla + +# Whether to use privilege escalation for all operations performed via Kolla +# Ansible. +kolla_ansible_become: true + ############################################################################### # Kolla feature flag configuration. diff --git a/ansible/kolla-target-venv.yml b/ansible/kolla-target-venv.yml index e9bde2c05..af15dd443 100644 --- a/ansible/kolla-target-venv.yml +++ b/ansible/kolla-target-venv.yml @@ -39,7 +39,7 @@ path: "{{ kolla_ansible_target_venv }}" recurse: True state: directory - owner: kolla - group: kolla + owner: "{{ kolla_ansible_user }}" + group: "{{ kolla_ansible_group }}" become: True when: kolla_ansible_target_venv is not none diff --git a/ansible/roles/kolla-ansible/defaults/main.yml b/ansible/roles/kolla-ansible/defaults/main.yml index 3f7e5e320..51b4600e9 100644 --- a/ansible/roles/kolla-ansible/defaults/main.yml +++ b/ansible/roles/kolla-ansible/defaults/main.yml @@ -38,6 +38,16 @@ kolla_node_custom_config_path: # Path to kolla-ansible passwords.yml input file. kolla_ansible_passwords_path: +# User account to use for Kolla SSH access. +kolla_ansible_user: kolla + +# Primary group of Kolla SSH user. +kolla_ansible_group: kolla + +# Whether to use privilege escalation for all operations performed via Kolla +# Ansible. +kolla_ansible_become: true + ############################################################################### # Kolla-ansible inventory configuration. 
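Review bot: The comment added above `kolla_ansible_become` in ansible/group_vars/all/kolla does not say what a false value does, which is what an operator trying to reduce privilege needs to know. The release note in this commit supplies the missing half (escalation for all tasks or only for required tasks), so the comment could read `# Whether to use privilege escalation for all operations performed via Kolla Ansible. When false, only the tasks that require it are escalated.` The same two-line comment is repeated in roles/kolla-ansible/defaults/main.yml and etc/kayobe/kolla.yml and would want the same wording.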
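Review bot: With `owner: "{{ kolla_ansible_user }}"` and `recurse: True` in kolla-target-venv.yml, whichever account an operator configures becomes the owner of every file under `kolla_ansible_target_venv`. The inventory templates in this commit point `ansible_python_interpreter` at that same virtualenv, and `kolla_ansible_become` defaults to true. The configured account can therefore change the interpreter that escalated tasks run, so it should be a dedicated deployment account rather than a shared login. The variable's comment is the place to say so, for example `# User account to use for Kolla SSH access. This account owns the target virtualenv, so use a dedicated account.` The task begins above the hunk, so whether anything checks that the user and group exist on the target before the recursive ownership change is not visible.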
diff --git a/ansible/roles/kolla-ansible/templates/globals.yml.j2 b/ansible/roles/kolla-ansible/templates/globals.yml.j2 index 4e8642b4d..c9d54e77c 100644 --- a/ansible/roles/kolla-ansible/templates/globals.yml.j2 +++ b/ansible/roles/kolla-ansible/templates/globals.yml.j2 @@ -48,6 +48,12 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}" # kolla_external_vip_address. kolla_external_fqdn: "{{ kolla_external_fqdn }}" +# User account to use for Kolla SSH access. +kolla_user: "{{ kolla_ansible_user }}" + +# Primary group of Kolla SSH user. +kolla_group: "{{ kolla_ansible_group }}" + ################ # Docker options ################ diff --git a/ansible/roles/kolla-ansible/templates/overcloud-top-level.j2 b/ansible/roles/kolla-ansible/templates/overcloud-top-level.j2 index 25379f8c8..dadf1f154 100644 --- a/ansible/roles/kolla-ansible/templates/overcloud-top-level.j2 +++ b/ansible/roles/kolla-ansible/templates/overcloud-top-level.j2 @@ -28,8 +28,10 @@ {% endfor %} [overcloud:vars] -ansible_user=kolla +ansible_user={{ kolla_ansible_user }} +{% if kolla_ansible_become | bool %} ansible_become=true +{% endif %} {% if kolla_ansible_target_venv is not none %} # Execute ansible modules on the remote target hosts using a virtualenv. ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python diff --git a/ansible/roles/kolla-ansible/templates/seed.j2 b/ansible/roles/kolla-ansible/templates/seed.j2 index 20f826694..bc66951c8 100644 --- a/ansible/roles/kolla-ansible/templates/seed.j2 +++ b/ansible/roles/kolla-ansible/templates/seed.j2 @@ -6,7 +6,7 @@ {% endfor %} [seed:vars] -ansible_user=kolla +ansible_user={{ kolla_ansible_user }} {% if kolla_ansible_target_venv is not none %} # Execute ansible modules on the remote target hosts using a virtualenv. ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python 
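Review bot: `[seed:vars]` in seed.j2 takes the configurable `ansible_user` but, in the lines shown, gets no `ansible_become` entry, whereas overcloud-top-level.j2 now renders one under `{% if kolla_ansible_become | bool %}`. As written, the new variable appears to control escalation for the overcloud inventory only, while its comment says "all operations performed via Kolla Ansible". If the seed is meant to follow the setting, add the same block after the user line: `{% if kolla_ansible_become | bool %}` / `ansible_become=true` / `{% endif %}`. If it is not, the variable's comment should say that it applies to the overcloud inventory. The rest of the seed template is outside the hunk, so an existing setting elsewhere in the file cannot be ruled out.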
diff --git a/ansible/roles/kolla-ansible/tests/test-defaults.yml b/ansible/roles/kolla-ansible/tests/test-defaults.yml index 6cb61e23f..c20daf845 100644 --- a/ansible/roles/kolla-ansible/tests/test-defaults.yml +++ b/ansible/roles/kolla-ansible/tests/test-defaults.yml @@ -97,6 +97,8 @@ kolla_enable_tls_external: False kolla_external_fqdn_cert: "fake-cert" openstack_logging_debug: False + kolla_user: "kolla" + kolla_group: "kolla" - name: Validate variables are absent from globals.yml assert: diff --git a/ansible/roles/kolla-ansible/tests/test-extras.yml b/ansible/roles/kolla-ansible/tests/test-extras.yml index f7afc08ac..96219798a 100644 --- a/ansible/roles/kolla-ansible/tests/test-extras.yml +++ b/ansible/roles/kolla-ansible/tests/test-extras.yml @@ -23,6 +23,8 @@ kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config" kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml" # Config. + kolla_ansible_user: "fake-user" + kolla_ansible_group: "fake-group" kolla_base_distro: "fake-distro" kolla_install_type: "fake-install-type" kolla_docker_namespace: "fake-namespace" @@ -167,6 +169,8 @@ globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}" expected_variables: config_strategy: "COPY_ALWAYS" + kolla_user: "fake-user" + kolla_group: "fake-group" kolla_base_distro: "fake-distro" kolla_install_type: "fake-install-type" openstack_release: "fake-release" diff --git a/ansible/roles/swift-setup/tasks/rings.yml b/ansible/roles/swift-setup/tasks/rings.yml index af092aa36..3ecbca293 100644 --- a/ansible/roles/swift-setup/tasks/rings.yml +++ b/ansible/roles/swift-setup/tasks/rings.yml @@ -55,8 +55,8 @@ src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}" dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}" remote_src: True - owner: kolla - group: kolla + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" mode: 0644 with_nested: - "{{ swift_service_names }}" 
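Review bot: The expectations added in test-defaults.yml and test-extras.yml cover only `kolla_user` and `kolla_group` in the rendered globals.yml. Nothing in these hunks checks the inventory templates, where `ansible_user` and the conditional `ansible_become` line are produced. A case that sets `kolla_ansible_become: false` and asserts that `ansible_become` is absent from the overcloud inventory would pin the privilege-related behaviour this commit introduces. The test plays continue outside the hunks, so inventory assertions may already exist there.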
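Review bot: `owner: "{{ ansible_user_uid }}"` and `group: "{{ ansible_user_gid }}"` in swift-setup/tasks/rings.yml take ownership from gathered facts rather than from `kolla_ansible_user`/`kolla_ansible_group` as the rest of this commit does, and the reason is not stated. These facts exist only if fact gathering ran for the host, and they describe the account under which facts were gathered. If gathering ran with privilege escalation, the ring files would likely end up owned by root. If the intent is that the files belong to the user running the play rather than the Kolla user, a comment above the task such as `# Ring files are owned by the user running this play, not the Kolla user; requires facts gathered without become.` would record it. The play header and the start of the task are outside the hunk, so whether facts are gathered, and under which user, is not visible.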
diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index ca588c0f8..3b208b342 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -141,6 +141,19 @@ # Whether debug logging is enabled. #kolla_openstack_logging_debug: +# Upper constraints file for installation of Kolla. +#kolla_upper_constraints_file: + +# User account to use for Kolla SSH access. +#kolla_ansible_user: + +# Primary group of Kolla SSH user. +#kolla_ansible_group: + +# Whether to use privilege escalation for all operations performed via Kolla +# Ansible. +#kolla_ansible_become: + ############################################################################### # Kolla feature flag configuration. diff --git a/releasenotes/notes/kolla-user-group-85bbe8038c3f719c.yaml b/releasenotes/notes/kolla-user-group-85bbe8038c3f719c.yaml new file mode 100644 index 000000000..60ab31552 --- /dev/null +++ b/releasenotes/notes/kolla-user-group-85bbe8038c3f719c.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Adds support for configuration of the user used by Kolla Ansible for remote + execution. The user is configured via ``kolla_ansible_user``, its primary + group via ``kolla_ansible_group``, and ``kolla_ansible_become`` determines + whether privilege escalation is used by Kolla Ansible for all tasks or only + required tasks.