diff --git a/frigate/api/auth.py b/frigate/api/auth.py
index 7d7c2ba8d..710661be3 100644
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -261,14 +261,14 @@ def auth(request: Request):
 
         role_header = proxy_config.header_map.role
         role = (
-            request.headers.get(role_header, default="viewer")
+            request.headers.get(role_header, default=proxy_config.default_role)
             if role_header
-            else "viewer"
+            else proxy_config.default_role
         )
 
-        # if comma-separated with "admin", use "admin", else "viewer"
+        # if comma-separated with "admin", use "admin", else use default role
         success_response.headers["remote-role"] = (
-            "admin" if role and "admin" in role else "viewer"
+            "admin" if role and "admin" in role else proxy_config.default_role
         )
 
         return success_response
diff --git a/frigate/config/proxy.py b/frigate/config/proxy.py
index df8a665fb..ef1529f9e 100644
--- a/frigate/config/proxy.py
+++ b/frigate/config/proxy.py
@@ -30,3 +30,6 @@ class ProxyConfig(FrigateBaseModel):
         default=None,
         title="Secret value for proxy authentication.",
     )
+    default_role: Optional[str] = Field(
+        default="viewer", title="Default role for proxy users."
+    )