diff --git a/docs/api-references/docs.md b/docs/api-references/docs.md index bcaf3a1981..8466de30c8 100644 --- a/docs/api-references/docs.md +++ b/docs/api-references/docs.md @@ -2664,6 +2664,18 @@ Kubernetes core/v1.PullPolicy +serviceAccountName
+ +string + + + +(Optional) +

ServiceAccountName is the name of the ServiceAccount to use to run TiDB initializer Pods.

+ + + + permitHost
string @@ -27273,6 +27285,18 @@ Kubernetes core/v1.PullPolicy +serviceAccountName
+ +string + + + +(Optional) +

ServiceAccountName is the name of the ServiceAccount to use to run TiDB initializer Pods.

+ + + + permitHost
string diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 05860f128f..4948e6a384 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -63536,6 +63536,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + serviceAccountName: + type: string timezone: type: string tlsClientSecretName: diff --git a/manifests/crd/v1/pingcap.com_tidbinitializers.yaml b/manifests/crd/v1/pingcap.com_tidbinitializers.yaml index 13350bd208..52acde8af8 100644 --- a/manifests/crd/v1/pingcap.com_tidbinitializers.yaml +++ b/manifests/crd/v1/pingcap.com_tidbinitializers.yaml @@ -158,6 +158,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + serviceAccountName: + type: string timezone: type: string tlsClientSecretName: diff --git a/pkg/apis/pingcap/v1alpha1/openapi_generated.go b/pkg/apis/pingcap/v1alpha1/openapi_generated.go index bfb660767d..49638c8f45 100644 --- a/pkg/apis/pingcap/v1alpha1/openapi_generated.go +++ b/pkg/apis/pingcap/v1alpha1/openapi_generated.go @@ -16775,6 +16775,13 @@ func schema_pkg_apis_pingcap_v1alpha1_TidbInitializerSpec(ref common.ReferenceCa }, }, }, + "serviceAccountName": { + SchemaProps: spec.SchemaProps{ + Description: "ServiceAccountName is the name of the ServiceAccount to use to run TiDB initializer Pods.", + Type: []string{"string"}, + Format: "", + }, + }, "permitHost": { SchemaProps: spec.SchemaProps{ Description: "permitHost is the host which will only be allowed to connect to the TiDB.", diff --git a/pkg/apis/pingcap/v1alpha1/tidbinitializer_types.go b/pkg/apis/pingcap/v1alpha1/tidbinitializer_types.go index edd4957555..bd1f5188fa 100644 --- a/pkg/apis/pingcap/v1alpha1/tidbinitializer_types.go +++ b/pkg/apis/pingcap/v1alpha1/tidbinitializer_types.go 
@@ -73,6 +73,10 @@ type TidbInitializerSpec struct {
 // +optional
 ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 
+ // ServiceAccountName is the name of the ServiceAccount to use to run TiDB initializer Pods.
+ // +optional
+ ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
 // permitHost is the host which will only be allowed to connect to the TiDB.
 // +optional
 PermitHost *string `json:"permitHost,omitempty"`
diff --git a/pkg/manager/member/tidb_init_manager.go b/pkg/manager/member/tidb_init_manager.go
index 4b6ec4fdae..3f3ed6e7a8 100644
--- a/pkg/manager/member/tidb_init_manager.go
+++ b/pkg/manager/member/tidb_init_manager.go
@@ -353,6 +353,7 @@ func (m *tidbInitManager) makeTiDBInitJob(ti *v1alpha1.TidbInitializer) (*batchv
 },
 Spec: corev1.PodSpec{
 ImagePullSecrets: ti.Spec.ImagePullSecrets,
+ ServiceAccountName: ti.Spec.ServiceAccountName,
 SecurityContext: ti.Spec.PodSecurityContext,
 AutomountServiceAccountToken: pointer.BoolPtr(false),
 InitContainers: []corev1.Container{
diff --git a/pkg/manager/member/tidb_init_manager_test.go b/pkg/manager/member/tidb_init_manager_test.go
index 48c524f0d3..203e527b54 100644
--- a/pkg/manager/member/tidb_init_manager_test.go
+++ b/pkg/manager/member/tidb_init_manager_test.go
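Review bot: The doc comment on `ServiceAccountName` in `TidbInitializerSpec` does not say what an empty value means or where the account has to live, and this sentence is what the generated CRD schema and API reference repeat. Kubernetes falls back to the namespace's `default` ServiceAccount when a pod names none, and the account is resolved in the namespace the Job is created in, so I would extend the comment with `// If empty, the namespace's default ServiceAccount is used.` and `// The ServiceAccount must already exist in the namespace of the initializer Job.` It is also worth stating in the docs that anyone allowed to create or edit a TidbInitializer can select any ServiceAccount in that namespace for the Job. The struct begins and ends outside the hunk.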
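Review bot: In `makeTiDBInitJob`, the new `ServiceAccountName: ti.Spec.ServiceAccountName,` sits two lines above `AutomountServiceAccountToken: pointer.BoolPtr(false),` and nothing explains how the two are meant to combine. With automount off the pod does not receive the chosen account's API token by default, so the name presumably matters only to admission policy bound to the account, to pull secrets attached to it, and to any identity webhook that injects its own token. A comment above the field such as `// Selects the pod identity only; the API token stays unmounted, see AutomountServiceAccountToken below.` would stop a later change from flipping automount to make the field "work". The value is passed through unchecked in this hunk, so a missing or misnamed account would surface as a failure on the Job rather than on the TidbInitializer. The function body begins and ends outside the hunk.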
@@ -143,6 +143,21 @@ func TestMakeTiDBInitJobDisablesServiceAccountTokenAutomount(t *testing.T) {
 g.Expect(*job.Spec.Template.Spec.AutomountServiceAccountToken).To(BeFalse())
 }
 
+func TestMakeTiDBInitJobUsesServiceAccountName(t *testing.T) {
+ g := NewGomegaWithT(t)
+ tim, _, indexers := newFakeTiDBInitManager()
+ ti := newTidbInitializerForTiDB()
+ ti.Spec.ServiceAccountName = "tidb-initializer"
+ tc := newTidbClusterForTiDB()
+
+ err := indexers.tc.Add(tc)
+ g.Expect(err).NotTo(HaveOccurred())
+
+ job, err := tim.makeTiDBInitJob(ti)
+ g.Expect(err).NotTo(HaveOccurred())
+ g.Expect(job.Spec.Template.Spec.ServiceAccountName).To(Equal("tidb-initializer"))
+}
+
 func newFakeTiDBInitManager() (*tidbInitManager, *tidbMemberManager, *fakeIndexers) {
 tmm, _, _, indexers := newFakeTiDBMemberManager()
 indexers.job = tmm.deps.KubeInformerFactory.Batch().V1().Jobs().Informer().GetIndexer()
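Review bot: `TestMakeTiDBInitJobUsesServiceAccountName` asserts the name but not that the token is still kept out of the pod once a custom account is set, which is the combination most likely to regress. Adding `g.Expect(*job.Spec.Template.Spec.AutomountServiceAccountToken).To(BeFalse())` after the last assertion would pin it. A second case that leaves `ti.Spec.ServiceAccountName` unset and expects `job.Spec.Template.Spec.ServiceAccountName` to equal `""` would cover the default path as well.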