diff --git a/charts/prefect-server/README.md b/charts/prefect-server/README.md
index 8246a75f..1d125c62 100644
--- a/charts/prefect-server/README.md
+++ b/charts/prefect-server/README.md
@@ -425,6 +425,9 @@ the HorizontalPodAutoscaler.
 | migrations.extraVolumeMounts | list | `[]` | additional volume mounts for the migration job |
 | migrations.extraVolumes | list | `[]` | additional volumes for the migration job |
 | migrations.nodeSelector | object | `{}` | node labels for migration job pods assignment |
+| migrations.podSecurityContext.fsGroup | int | `1001` | set background-services pod's security context fsGroup |
+| migrations.podSecurityContext.runAsNonRoot | bool | `true` | set background-services pod's security context runAsNonRoot |
+| migrations.podSecurityContext.runAsUser | int | `1001` | set background-services pod's security context runAsUser |
 | migrations.resources | object | `{"limits":{"cpu":"500m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}` | job resources configuration |
 | migrations.restartPolicy | string | `"Never"` | job restart policy |
 | migrations.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1001}` | job security context configuration |
diff --git a/charts/prefect-server/templates/pre-upgrade-hook.yaml b/charts/prefect-server/templates/pre-upgrade-hook.yaml
index 17b3e309..7e60abff 100644
--- a/charts/prefect-server/templates/pre-upgrade-hook.yaml
+++ b/charts/prefect-server/templates/pre-upgrade-hook.yaml
@@ -48,6 +48,8 @@ spec: secretKeyRef: name: {{ include "server.postgres-string-secret-name" . }} key: connection-string + - name: HOME value: /home/prefect {{- if .Values.global.prefect.env }} {{- include "common.tplvalues.render" (dict "value" .Values.global.prefect.env "context" $) | nindent 8 }} {{- end }}
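Review bot: The hard-coded `HOME=/home/prefect` entry added after `connection-string` carries no explanation of why the hook needs it, and nothing in the hunk shows that `/home/prefect` exists in the image or is writable under the `readOnlyRootFilesystem: true` container context the README lists for `migrations.securityContext`. Presumably it is there because the job runs as uid 1001 and tooling in the container falls back to `$HOME`; a template comment such as `{{- /* explicit HOME: the job runs as uid 1001 and needs a defined, writable home directory */ -}}` above the entry would record that, and the path should be confirmed against the image. Because the entry is rendered before `.Values.global.prefect.env`, a user-supplied `HOME` in `global.prefect.env` would produce a second entry with the same name rather than replace this one; which value wins is not visible here and is worth a sentence in the README. The container's `env` list begins outside the hunk.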
@@ -80,4 +82,7 @@ spec:
 - name: {{ . }}
 {{- end }}
 {{- end }}
+ {{- with .Values.migrations.podSecurityContext }}
+ securityContext: {{- . | toYaml | nindent 8 }}
+ {{- end }}
 {{- end }}
diff --git a/charts/prefect-server/tests/pre_upgrade_hook_test.yaml b/charts/prefect-server/tests/pre_upgrade_hook_test.yaml
index a3ef89b8..35ff4c46 100644
--- a/charts/prefect-server/tests/pre_upgrade_hook_test.yaml
+++ b/charts/prefect-server/tests/pre_upgrade_hook_test.yaml
@@ -302,3 +302,26 @@ tests:
 equal:
 path: .spec.template.spec.tolerations[0].key
 value: key1
+
+ - it: Should contain HOME env variable for pre-upgrade hook
+ asserts:
+ - template: pre-upgrade-hook.yaml
+ contains:
+ path: .spec.template.spec.containers[0].env
+ content:
+ name: HOME
+ value: /home/prefect
+
+ - it: Should set correct pod security context for pre-upgrade hook
+ set:
+ backgroundServices:
+ runAsSeparateDeployment: true
+ asserts:
+ - template: pre-upgrade-hook.yaml
+ equal:
+ path: .spec.template.spec.securityContext
+ value:
+ runAsUser: 1001
+ fsGroup: 1001
+ runAsNonRoot: true
+
diff --git a/charts/prefect-server/values.schema.json b/charts/prefect-server/values.schema.json
index 4b882c5f..1c37e547 100644
--- a/charts/prefect-server/values.schema.json
+++ b/charts/prefect-server/values.schema.json
@@ -149,6 +149,14 @@
 }
 }
 },
+ "podSecurityContext": {
+ "type": "object",
+ "properties": {
+ "runAsUser": { "type": ["integer", "null"] },
+ "runAsNonRoot": { "type": "boolean" },
+ "fsGroup": { "type": ["integer", "null"] }
+ }
+ },
 "securityContext": {
 "type": "object",
 "title": "Security Context",
diff --git a/charts/prefect-server/values.yaml b/charts/prefect-server/values.yaml
index 612c080b..c4b4aa5f 100644
--- a/charts/prefect-server/values.yaml
+++ b/charts/prefect-server/values.yaml
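Review bot: The new `with .Values.migrations.podSecurityContext` block pipes the whole map through `toYaml`, so any additional PodSecurityContext field a user adds is rendered as-is, while an override of `podSecurityContext: {}` drops the pod-level `securityContext` key entirely; neither behaviour is stated anywhere in the hunk. A template comment above the block, e.g. `{{- /* pod-level securityContext, rendered verbatim from values; omitted when the map is empty */ -}}`, would make that contract explicit. Note that `runAsUser` and `runAsNonRoot` repeat what the README lists for the container-level `migrations.securityContext`, so the effective new behaviour is `fsGroup: 1001` changing group ownership of mounted volumes that support it, including any `migrations.extraVolumes`, which deserves its own comment. The conditional that the final `{{- end }}` closes starts outside the hunk.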
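Review bot: The second added test sets `backgroundServices.runAsSeparateDeployment: true`, but the pre-upgrade hook template reads only `.Values.migrations.podSecurityContext`, so the `set:` block has no bearing on the assertion and reads as copied from another test; drop it or add a comment saying why it is needed. Both tests exercise only the chart defaults: nothing asserts that `migrations.podSecurityContext: {}` omits `.spec.template.spec.securityContext` (the template's `with` guard), nor that a user-supplied field is passed through, so the pass-through and omission behaviour is unverified. I would add a third case for the empty-map path as below. The file also gains a trailing blank `+` line at its end, which is likely unintended.
```yaml
# … unchanged: existing tests …
  - it: Should omit pod security context when migrations.podSecurityContext is empty
    set:
      migrations:
        podSecurityContext: {}
    asserts:
      - template: pre-upgrade-hook.yaml
        notExists:
          path: .spec.template.spec.securityContext
```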
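Review bot: The new `podSecurityContext` object lacks the `title` its sibling `securityContext` carries (`"title": "Security Context"` is visible two lines below) and has no `description`, so the two entries are documented inconsistently in the schema. Since the template renders this map verbatim, the schema should also say that fields beyond the three listed are accepted, e.g. `"title": "Pod Security Context", "description": "Pod-level securityContext for the migration job; additional PodSecurityContext fields are passed through unchanged."`. Allowing `null` for `runAsUser` and `fsGroup` is presumably meant to let users unset the 1001 defaults, which is worth stating in the description as well. The enclosing object starts outside the hunk.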
@@ -241,7 +241,15 @@ migrations:
 limits:
 cpu: 500m
 memory: 256Mi
- # ephemeral-storage:
+ # ephemeral-storage:
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ podSecurityContext:
+ # -- set migration job's pod security context runAsUser
+ runAsUser: 1001
+ # -- set migration job's pod security context runAsNonRoot
+ runAsNonRoot: true
+ # -- set migration job's pod security context fsGroup
+ fsGroup: 1001
 # -- job security context configuration
 securityContext:
 runAsUser: 1001
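Review bot: The three `# -- set migration job's pod security context …` comments describe the keys as belonging to the migration job, but the README rows added in the same commit describe them as "set background-services pod's security context …", so the values comments and the documented table disagree and the README wording is wrong for `migrations.*` keys; if the README is generated from these `# --` comments (helm-docs style), regenerating it should fix the mismatch. The `# ref:` line sits between `# ephemeral-storage:` and `podSecurityContext:` rather than directly above the key it documents, which makes it look like it annotates the ephemeral-storage setting; moving it to the first comment under `podSecurityContext:` would read better. Since `fsGroup: 1001` is a new default, existing installs will have group ownership of supported mounted volumes changed on upgrade, which is worth a comment here or a changelog note. The removal and re-addition of `# ephemeral-storage:` looks like a whitespace-only change, though I cannot confirm that from the collapsed diff.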