diff --git a/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php b/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
index 3b16d1c..8df6547 100644
--- a/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
@@ -304,15 +304,15 @@ public function fieldAccess($operation, FieldDefinitionInterface $field_definiti
     $default = $items ? $items->defaultAccess($operation, $account) : AccessResult::allowed();
 
     // Explicitly disallow changing the entity ID and entity UUID.
-    if ($operation === 'edit') {
+    // Since the 'edit' operation is used for field-level access when creating
+    // entities as well, we need to check whether the entity is new, as in this
+    // case explicitly setting the ID or UUID is allowed.
+    if ($operation === 'edit' && $items && ($entity = $items->getEntity()) && !$entity->isNew()) {
       if ($field_definition->getName() === $this->entityType->getKey('id')) {
-        return $return_as_object ? AccessResult::forbidden('The entity ID cannot be changed') : FALSE;
+        return $return_as_object ? AccessResult::forbidden('The entity ID cannot be changed')->addCacheableDependency($entity) : FALSE;
       }
       elseif ($field_definition->getName() === $this->entityType->getKey('uuid')) {
-        // UUIDs can be set when creating an entity.
-        if ($items && ($entity = $items->getEntity()) && !$entity->isNew()) {
-          return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed')->addCacheableDependency($entity) : FALSE;
-        }
+        return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed')->addCacheableDependency($entity) : FALSE;
       }
     }
 
diff --git a/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php b/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php
index 216e8d6..2da8e43 100644
--- a/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php
+++ b/core/modules/user/tests/src/Unit/UserAccessControlHandlerTest.php
@@ -7,6 +7,7 @@
 use Drupal\Core\DependencyInjection\Container;
 use Drupal\Tests\UnitTestCase;
 use Drupal\user\UserAccessControlHandler;
+use Drupal\user\UserInterface;
 
 /**
  * Tests the user access controller.
@@ -66,7 +67,7 @@ protected function setUp() {
     $container->set('cache_contexts_manager', $cache_contexts_manager);
     \Drupal::setContainer($container);
 
-    $this->viewer = $this->getMock('\Drupal\Core\Session\AccountInterface');
+    $this->viewer = $this->getMock(UserInterface::class);
     $this->viewer
       ->expects($this->any())
       ->method('hasPermission')
@@ -75,8 +76,12 @@ protected function setUp() {
       ->expects($this->any())
       ->method('id')
       ->will($this->returnValue(1));
+    $this->viewer
+      ->expects($this->any())
+      ->method('isNew')
+      ->will($this->returnValue(FALSE));
 
-    $this->owner = $this->getMock('\Drupal\Core\Session\AccountInterface');
+    $this->owner = $this->getMock(UserInterface::class);
     $this->owner
       ->expects($this->any())
       ->method('hasPermission')
@@ -84,11 +89,14 @@ protected function setUp() {
         ['administer users', FALSE],
         ['change own username', TRUE],
       ]));
-
     $this->owner
       ->expects($this->any())
       ->method('id')
       ->will($this->returnValue(2));
+    $this->owner
+      ->expects($this->any())
+      ->method('isNew')
+      ->will($this->returnValue(FALSE));
 
     $this->admin = $this->getMock('\Drupal\Core\Session\AccountInterface');
     $this->admin