diff --git a/core/modules/user/src/PermissionHandler.php b/core/modules/user/src/PermissionHandler.php
index 1ab75f8d..a7ea7b07 100644
--- a/core/modules/user/src/PermissionHandler.php
+++ b/core/modules/user/src/PermissionHandler.php
@@ -114,6 +114,8 @@ protected function getYamlDiscovery() {
   public function getPermissions() {
     if (empty($this->allPermissions)) {
       $this->allPermissions = $this->sortPermissions($this->buildPermissionsYaml());
+      // Invoke hook_permissions_alter().
+      $this->moduleHandler->alter('permissions', $this->allPermissions);
     }
     return $this->allPermissions;
   }
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 0cc211c4..5bb36806 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -1293,12 +1293,24 @@ function user_form_process_password_confirm($element) {
   return $element;
 }
 
+/**
+ * Implements hook_modules_installed().
+ */
+function user_modules_installed($modules) {
+  // Reset the user.permissions service to reset statically cached
+  // permissions.
+  \Drupal::getContainer()->set('user.permissions', NULL);
+}
+
 /**
  * Implements hook_modules_uninstalled().
  */
 function user_modules_uninstalled($modules) {
   // Remove any potentially orphan module data stored for users.
   \Drupal::service('user.data')->delete($modules);
+  // Reset the user.permissions service to reset statically cached
+  // permissions.
+  \Drupal::getContainer()->set('user.permissions', NULL);
 }
 
 /**