diff --git a/roles/postgresql_client_access/defaults/main.yml b/roles/postgresql_client_access/defaults/main.yml
index e57bba1..842acaf 100644
--- a/roles/postgresql_client_access/defaults/main.yml
+++ b/roles/postgresql_client_access/defaults/main.yml
@@ -5,3 +5,4 @@ postgresql_config_path: "{{ postgresql_base_path }}/config"
 postgresql_connect_socket: true
 
 postgresql_container_name: "postgresql"
+postgresql_client_state: present
diff --git a/roles/postgresql_client_access/tasks/main.yml b/roles/postgresql_client_access/tasks/main.yml
index cf69913..b68d974 100644
--- a/roles/postgresql_client_access/tasks/main.yml
+++ b/roles/postgresql_client_access/tasks/main.yml
@@ -5,36 +5,36 @@
   register: "postgresql_container"
   tags: ["deploy", "deploy-postgresql-client-access"]
 
-- name: "Create user"
+- name: "Ensure users are either present or absent"
   community.postgresql.postgresql_user:
     name: "{{ item.name }}"
-    password: "{{ item.password }}"
-    state: "{{ item.state | default(omit) }}"
+    password: "{{ (item.state | default(postgresql_client_state) == 'present') | ternary(item.password, omit) }}"
+    state: "{{ item.state | default(postgresql_client_state) }}"
     login_host: "{{ postgresql_connection.login_host }}"
     login_port: "{{ postgresql_connection.login_port }}"
     login_password: "{{ postgresql_connection.login_password | default(omit) }}"
   loop: "{{ postgresql_client_access_users }}"
   loop_control:
-    label: "{{ item.name }}"
+    label: "{{ item.name }} ({{ item.state | default(postgresql_client_state) }})"
   tags: ["deploy", "deploy-postgresql-client-access"]
 
-- name: "Create database"
+- name: "Ensure databases are either present or absent"
   community.postgresql.postgresql_db:
     name: "{{ item.name }}"
     owner: "{{ item.owner | default(omit) }}"
     lc_collate: "{{ item.lc_collate | default('C') }}"
     lc_ctype: "{{ item.lc_ctype | default('C') }}"
     template: "{{ item.template | default('template0') }}"
-    state: "{{ item.state | default(omit) }}"
+    state: "{{ item.state | default(postgresql_client_state) }}"
     login_host: "{{ postgresql_connection.login_host }}"
     login_port: "{{ postgresql_connection.login_port }}"
     login_password: "{{ postgresql_connection.login_password | default(omit) }}"
   loop: "{{ postgresql_client_access_databases }}"
   loop_control:
-    label: "{{ item.name }}"
+    label: "{{ item.name }} ({{ item.state | default(postgresql_client_state) }})"
   tags: ["deploy", "deploy-postgresql-client-access"]
 
-- name: "Update pg_hba.conf"
+- name: "Ensure pg_hba.conf is up to date"
   community.postgresql.postgresql_pg_hba:
     dest: "{{ postgresql_config_path }}/pg_hba.conf"
     contype: "{{ item.contype }}"
@@ -44,7 +44,7 @@
     options: "{{ item.options | default(omit) }}"
     address: "{{ item.address | default(omit) }}"
     netmask: "{{ item.netmask | default(omit) }}"
-    state: "{{ item.state | default(omit) }}"
+    state: "{{ item.state | default(postgresql_client_state) }}"
   loop: "{{ postgresql_client_access_hba_entries }}"
   notify: "postgresql_container_restart"
   tags: ["deploy", "deploy-postgresql-client-access"]