diff --git a/modules/helfi_user_roles/config/install/user.role.super_administrator.yml b/modules/helfi_user_roles/config/install/user.role.super_administrator.yml
new file mode 100644
index 000000000..3916c0480
--- /dev/null
+++ b/modules/helfi_user_roles/config/install/user.role.super_administrator.yml
@@ -0,0 +1,8 @@
+langcode: en
+status: true
+dependencies: {  }
+id: super_administrator
+label: 'Super administrator'
+weight: 7
+is_admin: true
+permissions: {  }
diff --git a/modules/helfi_user_roles/helfi_user_roles.install b/modules/helfi_user_roles/helfi_user_roles.install
index 65871f570..b0c80a0e3 100644
--- a/modules/helfi_user_roles/helfi_user_roles.install
+++ b/modules/helfi_user_roles/helfi_user_roles.install
@@ -7,6 +7,8 @@
 
 declare(strict_types = 1);
 
+use Drupal\user\Entity\Role;
+
 /**
  * Grants required permissions.
  */
@@ -47,3 +49,25 @@ function helfi_user_roles_install($is_syncing) : void {
 
   helfi_user_roles_grant_permissions();
 }
+
+/**
+ * Install 'super_administrator' role.
+ */
+function helfi_user_roles_update_9001() : void {
+  if (Role::load('super_administrator')) {
+    return;
+  }
+  // We can't use 'update_helper' service to re-install configuration because
+  // it will re-install previously installed roles (from this module) and wipe
+  // out the permissions because 'user.role.*.yml' configuration files define
+  // no permissions.
+  // Permissions are granted by individual modules in hook_install().
+  Role::create([
+    'id' => 'super_administrator',
+    'label' => 'Super administrator',
+    'status' => TRUE,
+    'is_admin' => TRUE,
+    'weight' => 7,
+  ])
+    ->save();
+}