diff --git a/package.json b/package.json
index 7e87cbf..b58fb88 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
     "lint:ws": "pnpm dlx sherif@latest -r packages-without-package-json",
     "prepare": "husky",
     "auth:seed": "set -a && source apps/web/.env.local && set +a && pnpm --filter @turbostarter/auth db:seed",
+    "admin:grant": "set -a && source apps/web/.env.local && set +a && pnpm --filter @turbostarter/auth admin:grant",
     "services:logs": "docker compose logs -f",
     "services:setup": "pnpm services:start && pnpm with-env turbo setup",
     "services:start": "docker compose up -d --wait",
diff --git a/packages/auth/package.json b/packages/auth/package.json
index 8746a18..ae0cff5 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -13,6 +13,7 @@
     "clean": "git clean -xdf .cache .turbo dist node_modules",
     "db:generate": "cross-env SKIP_ENV_VALIDATION=1 pnpm dlx @better-auth/cli@1.4.3 generate --config src/server.ts --output ../db/src/schema/auth.ts --y",
     "db:seed": "cross-env SKIP_ENV_VALIDATION=1 pnpm dlx tsx ./src/scripts/seed.ts",
+    "admin:grant": "cross-env SKIP_ENV_VALIDATION=1 pnpm dlx tsx ./src/scripts/grant-admin.ts",
     "format": "prettier --check . --ignore-path ../../.gitignore",
     "lint": "eslint",
     "test": "vitest run",
diff --git a/packages/auth/src/scripts/grant-admin.ts b/packages/auth/src/scripts/grant-admin.ts
new file mode 100644
index 0000000..b89dd10
--- /dev/null
+++ b/packages/auth/src/scripts/grant-admin.ts
@@ -0,0 +1,44 @@
+/**
+ * Grants admin privileges to a user by email.
+ *
+ * Usage:
+ *   pnpm admin:grant <email>
+ *
+ * Resolved via packages/auth/package.json → root package.json alias.
+ * Flips user.role to "admin" via BetterAuth's admin plugin convention
+ * (role column, not a custom isAdmin boolean).
+ */
+import { eq } from "@turbostarter/db";
+import * as schema from "@turbostarter/db/schema";
+import { db } from "@turbostarter/db/server";
+import { logger } from "@turbostarter/shared/logger";
+
+import { UserRole } from "../types";
+
+const email = process.argv[2];
+
+if (!email) {
+  logger.error("Usage: pnpm admin:grant <email>");
+  process.exit(1);
+}
+
+const rows = await db
+  .update(schema.user)
+  .set({ role: UserRole.ADMIN })
+  .where(eq(schema.user.email, email))
+  .returning({
+    id: schema.user.id,
+    email: schema.user.email,
+    role: schema.user.role,
+  });
+
+if (rows.length === 0) {
+  logger.error(`No user found with email: ${email}`);
+  process.exit(1);
+}
+
+const updated = rows[0]!;
+logger.info(
+  `✓ Granted admin to ${updated.email} (id: ${updated.id}, role: ${updated.role})`,
+);
+process.exit(0);