diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic-prometheus-exporter.service.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic-prometheus-exporter.service.j2
index b8917e430..7393a042a 100644
--- a/playbooks/roles/bifrost-ironic-install/templates/ironic-prometheus-exporter.service.j2
+++ b/playbooks/roles/bifrost-ironic-install/templates/ironic-prometheus-exporter.service.j2
@@ -8,3 +8,5 @@ ExecStart={{ bifrost_venv_dir }}/bin/gunicorn ironic_prometheus_exporter.app.wsg
     --bind {{ prometheus_exporter_host }}:{{ prometheus_exporter_port}} \
     --env IRONIC_CONFIG=/etc/ironic/ironic.conf \
     --workers 2 --threads 2 --access-logfile=- --error-logfile=-
+User=ironic
+Group=ironic
diff --git a/releasenotes/notes/prometheus-user-e75a43f1b13e0049.yaml b/releasenotes/notes/prometheus-user-e75a43f1b13e0049.yaml
new file mode 100644
index 000000000..34e98f2ea
--- /dev/null
+++ b/releasenotes/notes/prometheus-user-e75a43f1b13e0049.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Ironic Prometheus Exporter is now run as the ``ironic`` user, not as root.