diff --git a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php
index f2312fe..028174a 100644
--- a/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php
+++ b/core/modules/user/lib/Drupal/user/Plugin/Core/Entity/User.php
@@ -19,6 +19,8 @@
  *   label = @Translation("User"),
  *   module = "user",
  *   controller_class = "Drupal\user\UserStorageController",
+ *   render_controller_class = "Drupal\user\UserRenderController",
+ *   access_controller_class = "Drupal\user\UserAccessController",
  *   form_controller_class = {
  *     "profile" = "Drupal\user\ProfileFormController",
  *     "register" = "Drupal\user\RegisterFormController"
diff --git a/core/modules/user/lib/Drupal/user/UserAccessController.php b/core/modules/user/lib/Drupal/user/UserAccessController.php
new file mode 100644
index 0000000..edeff44
--- /dev/null
+++ b/core/modules/user/lib/Drupal/user/UserAccessController.php
@@ -0,0 +1,74 @@
+<?php
+
+/**
+ * @file
+ * Contains Drupal\user\UserAccessController.
+ */
+
+namespace Drupal\user;
+
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\EntityAccessControllerInterface;
+use Drupal\user\Plugin\Core\Entity\User;
+
+/**
+ * Defines the access controller for the user entity type.
+ */
+class UserAccessController implements EntityAccessControllerInterface {
+
+  /**
+   * Implements EntityAccessControllerInterface::viewAccess().
+   */
+  public function viewAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
+    $uid = $entity->uid;
+    if (!$account) {
+      $account = $GLOBALS['user'];
+    }
+
+    // Never allow access to view the anonymous user account.
+    if ($uid) {
+      // Admins can view all, users can view own profiles at all times.
+      if ($account->uid == $uid || user_access('administer users', $account)) {
+        return TRUE;
+      }
+      elseif (user_access('access user profiles', $account)) {
+        // Only allow view access if the account is active.
+        return $entity->status;
+      }
+    }
+    return FALSE;
+  }
+
+  /**
+   * Implements EntityAccessControllerInterface::createAccess().
+   */
+  public function createAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
+    return user_access('administer users', $account);
+  }
+
+  /**
+   * Implements EntityAccessControllerInterface::updateAccess().
+   */
+  public function updateAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
+    if (!$account) {
+      $account = $GLOBALS['user'];
+    }
+    // Users can always edit their own account. Users with the 'administer
+    // users' permission can edit any account except the anonymous account.
+    return (($account->uid == $entity->uid) || user_access('administer users', $account)) && $entity->uid > 0;
+  }
+
+  /**
+   * Implements EntityAccessControllerInterface::deleteAccess().
+   */
+  public function deleteAccess(EntityInterface $entity, $langcode = LANGUAGE_DEFAULT, User $account = NULL) {
+    if (!$account) {
+      $account = $GLOBALS['user'];
+    }
+    // Users with 'cancel account' permission can cancel their own account,
+    // users with 'administer users' permission can cancel any account except
+    // the anonymous account.
+    return ((($account->uid == $entity->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $entity->uid > 0;
+  }
+
+}
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 7bb9f4d..67ff04c 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -979,30 +979,20 @@ function user_register_access() {
  *   Can either be a full user object or a $uid.
  */
 function user_view_access($account) {
-  $uid = is_object($account) ? $account->uid : (int) $account;
-
-  // Never allow access to view the anonymous user account.
-  if ($uid) {
-    // Admins can view all, users can view own profiles at all times.
-    if ($GLOBALS['user']->uid == $uid || user_access('administer users')) {
-      return TRUE;
-    }
-    elseif (user_access('access user profiles')) {
-      // At this point, load the complete account object.
-      if (!is_object($account)) {
-        $account = user_load($uid);
-      }
-      return (is_object($account) && $account->status);
-    }
+  if (is_numeric($account)) {
+    $account = user_load($account);
   }
-  return FALSE;
+  return $account->access('view');
 }
 
 /**
  * Access callback for user account editing.
  */
 function user_edit_access($account) {
-  return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0;
+  if (is_numeric($account)) {
+    $account = user_load($account);
+  }
+  return $account->access('update');
 }
 
 /**
@@ -1012,7 +1002,10 @@ function user_edit_access($account) {
  * users, and prevent the anonymous user from cancelling the account.
  */
 function user_cancel_access($account) {
-  return ((($GLOBALS['user']->uid == $account->uid) && user_access('cancel account')) || user_access('administer users')) && $account->uid > 0;
+  if (is_numeric($account)) {
+    $account = user_load($account);
+  }
+  return $account->access('delete');
 }
 
 /**