diff --git a/roles/kodi/files/kodi.service b/roles/kodi/files/kodi.service
index 7ca8002e8306037c4ba4d453edeaff7f24a61a71..932451e9c7e74230289c7d7296aeed995f6af41a 100644
--- a/roles/kodi/files/kodi.service
+++ b/roles/kodi/files/kodi.service
@@ -15,6 +15,8 @@ Before=graphical.target
 [Service]
 User=kodi
 PAMName=login
+SupplementaryGroups=audio
+SupplementaryGroups=cdrom
 Environment="DISPLAY=:0"
 ExecStart=flatpak run --device=all --filesystem=/etc/group --filesystem=/srv/library tv.kodi.Kodi --standalone --windowing=x11 -fs
 Type=simple
diff --git a/roles/kodi/files/xorg.service b/roles/kodi/files/xorg.service
index cc0ae5344f6698d0c9a475e02d09d097bf5a1587..3a697c3072e779f31c7086d569faac782fbcddaf 100644
--- a/roles/kodi/files/xorg.service
+++ b/roles/kodi/files/xorg.service
@@ -14,7 +14,9 @@ ConditionPathExists=/dev/tty7
 
 [Service]
 User=kodi
+SupplementaryGroups=input
 SupplementaryGroups=tty
+SupplementaryGroups=video
 PAMName=login
 ExecStart=startx
 Type=simple
diff --git a/roles/kodi/tasks/main.yml b/roles/kodi/tasks/main.yml
index 1c858da1c178c59278df460e88d2e9fbb227be03..e0d98208b50346b1c76cf91d71293f26e67878cb 100644
--- a/roles/kodi/tasks/main.yml
+++ b/roles/kodi/tasks/main.yml
@@ -74,12 +74,6 @@
 - name: Create user
   user:
     create_home: true
-    groups:
-      - audio
-      - cdrom
-      - input
-      - plugdev
-      - video
     home: /var/lib/kodi
     name: kodi
     password: '!'  # pragma: allowlist secret