diff -u b/core/modules/user/src/Form/UserCancelForm.php b/core/modules/user/src/Form/UserCancelForm.php
--- b/core/modules/user/src/Form/UserCancelForm.php
+++ b/core/modules/user/src/Form/UserCancelForm.php
@@ -85,9 +85,8 @@
 $form['user_cancel_method'] += $this->cancelMethods;
 // When managing another user, can skip the account cancellation
- // confirmation mail (by default), as long as not attempting to cancel own
- // account.
- $override_access = $manage_other_user && ($this->entity->id() != $user->id());
+ // confirmation mail (by default).
+ $override_access = $this->entity->id() != $user->id();
 $form['user_cancel_confirm'] = [
 '#type' => 'checkbox',
 '#title' => $this->t('Require email confirmation to cancel account'),
diff -u b/core/modules/user/src/RegisterForm.php b/core/modules/user/src/RegisterForm.php
--- b/core/modules/user/src/RegisterForm.php
+++ b/core/modules/user/src/RegisterForm.php
@@ -18,11 +18,19 @@
 $user = $this->currentUser();
 /** @var \Drupal\user\UserInterface $account */
 $account = $this->entity;
+
+ // This form is used for two cases: a new user registering their own
+ // account or an admin creating another user's account. The registration
+ // case is only accessible to anonymous users.
+ // Note that the Entity framework checks access before calling this
+ // function to ensure that a user can only create another user if they have
+ // core or contrib permissions to allow it.
 $manage_other_user = !$user->isAnonymous();
+
 // Pass access information to the submit handler. Running an access check
 // inside the submit function interferes with form processing and breaks
 // hook_form_alter().
- $form['manage_other_user'] = [
+ $form['administer_users'] = [
 '#type' => 'value',
 '#value' => $manage_other_user,
 ];
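Review bot: With `$manage_other_user` dropped from `$override_access`, the right to skip the confirmation mail now depends only on the form being opened for an account other than the current user's, so this line is safe only if an access check has already established that the current user may cancel that account. The hunk does not show that check, and the shortened comment no longer says where it happens. I would extend the comment, for example `// Access to cancel another user's account was already checked by the entity access handler before this form is built.`, after confirming that this holds for every route that reaches the form. The enclosing method starts and ends outside the hunk.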
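Review bot: The form value is renamed to `administer_users`, but what it stores is still `!$user->isAnonymous()`, that is "the current user is logged in", not the result of an 'administer users' permission check. The two later RegisterForm hunks read this key in `submitForm()` and `save()`, and in the visible `if` of `submitForm()` a true value causes the submitted password to be used even when `verify_mail` is enabled, so a hook_form_alter() implementation reading the key could easily take it for a permission result. Either keep a key that matches the variable name, or state the meaning at the assignment: `// TRUE for any authenticated user; create access was already checked by the entity access system.` The method containing this hunk continues outside it.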
@@ -63,7 +71,7 @@
 * {@inheritdoc}
 */
 public function submitForm(array &$form, FormStateInterface $form_state) {
- $manage_other_user = $form_state->getValue('manage_other_user');
+ $manage_other_user = $form_state->getValue('administer_users');
 if (!\Drupal::config('user.settings')->get('verify_mail') || $manage_other_user) {
 $pass = $form_state->getValue('pass');
@@ -87,7 +95,7 @@
 public function save(array $form, FormStateInterface $form_state) {
 $account = $this->entity;
 $pass = $account->getPassword();
- $manage_other_user = $form_state->getValue('manage_other_user');
+ $manage_other_user = $form_state->getValue('administer_users');
 $notify = !$form_state->isValueEmpty('notify');
 // Save has no return value so this cannot be tested.
only in patch2:
unchanged:
--- a/core/modules/user/src/ProfileForm.php
+++ b/core/modules/user/src/ProfileForm.php
@@ -25,7 +25,7 @@ protected function actions(array $form, FormStateInterface $form_state) {
 $element['delete']['#type'] = 'submit';
 $element['delete']['#value'] = $this->t('Cancel account');
 $element['delete']['#submit'] = ['::editCancelSubmit'];
- $element['delete']['#access'] = $account->id() > 1 && (($account->id() == $user->id() && $user->hasPermission('cancel account')) || $user->hasPermission('administer users'));
+ $element['delete']['#access'] = $account->access('delete', $user);
 return $element;
 }
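Review bot: The explicit `$account->id() > 1` guard and the 'cancel account' / 'administer users' permission checks are gone from the `#access` line in ProfileForm, so the visibility of the Cancel account button now rests entirely on what the user entity's access handler returns for the `delete` operation, which this hunk does not show. If that handler does not refuse `delete` for user 1, the button would appear on that account's edit form where it was previously hidden. I would confirm the handler's behaviour and add a comment at the call site such as `// Delete access, including protection of user 1, is decided by the user access control handler.`, together with a test asserting the button is absent on user 1's edit form. `actions()` begins before the hunk.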