diff --git a/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php b/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php
index 31c10366..11b4c89 100644
--- a/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php
+++ b/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php
@@ -204,14 +204,10 @@ public static function validateEntityAutocomplete(array &$element, FormStateInte
   public static function getEntityLabels(array $entities) {
     $entity_labels = array();
     foreach ($entities as $entity) {
-      // We don't need access check on users, this will give bad UX when
-      // editing a node created by anonymous user and other cases.
-      if ($entity instanceof \Drupal\user\UserInterface) {
-        $label = $entity->label();
-      }
-      else {
-        $label = ($entity->access('view')) ? $entity->label() : t('- Restricted access -');
-      }
+      // Use the special view label, since some entites allow the label to be
+      // viewed, even if the entity is not allowed to be viewed.
+      $label = ($entity->access('view label')) ? $entity->label() : t('- Restricted access -');
+
       // Take into account "autocreated" entities.
       if (!$entity->isNew()) {
         $label .= ' (' . $entity->id() . ')';
diff --git a/core/lib/Drupal/Core/Entity/Entity.php b/core/lib/Drupal/Core/Entity/Entity.php
index 1b38477..ab44aed 100644
--- a/core/lib/Drupal/Core/Entity/Entity.php
+++ b/core/lib/Drupal/Core/Entity/Entity.php
@@ -309,6 +309,11 @@ public function uriRelationships() {
    * {@inheritdoc}
    */
   public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
+    // By default, use the same permission schema for viewing a label as
+    // viewing an entity.
+    if ($operation == 'view label') {
+      $operation = 'view';
+    }
     if ($operation == 'create') {
       return $this->entityManager()
         ->getAccessControlHandler($this->entityTypeId)
diff --git a/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php b/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
index c34cffc..13779f7 100644
--- a/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
@@ -54,6 +54,10 @@ public function __construct(EntityTypeInterface $entity_type) {
    * {@inheritdoc}
    */
   public function access(EntityInterface $entity, $operation, $langcode = LanguageInterface::LANGCODE_DEFAULT, AccountInterface $account = NULL, $return_as_object = FALSE) {
+    // Require view access to view the label.
+    if ($operation == 'view label') {
+      $operation = 'view';
+    }
     $account = $this->prepareUser($account);
 
     if (($return = $this->getCache($entity->uuid(), $operation, $langcode, $account)) !== NULL) {
diff --git a/core/modules/link/src/Tests/LinkFieldTest.php b/core/modules/link/src/Tests/LinkFieldTest.php
index fc33dd2..2802eab 100644
--- a/core/modules/link/src/Tests/LinkFieldTest.php
+++ b/core/modules/link/src/Tests/LinkFieldTest.php
@@ -128,7 +128,6 @@ function testURLValidation() {
       $node->label() . ' (1)' => $node->label() . ' (1)',
       // Entity URI displayed as ER autocomplete value when displayed in a form.
       'entity:node/1' => $node->label() . ' (1)',
-      // URI for an entity that exists, but is not accessible by the user.
       // Account labels are not treated as confidential information.
       'entity:user/1' => $admin_account->label() . ' (1)',
       // URI for an entity that doesn't exist, but with a valid ID.
diff --git a/core/modules/user/src/Entity/User.php b/core/modules/user/src/Entity/User.php
index 1a78c98..c9be269 100644
--- a/core/modules/user/src/Entity/User.php
+++ b/core/modules/user/src/Entity/User.php
@@ -7,6 +7,7 @@
 
 namespace Drupal\user\Entity;
 
+use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Entity\ContentEntityBase;
 use Drupal\Core\Entity\EntityStorageInterface;
 use Drupal\Core\Entity\EntityTypeInterface;
@@ -86,6 +87,18 @@ public function isNew() {
   /**
    * {@inheritdoc}
    */
+  public function access($operation, \Drupal\Core\Session\AccountInterface $account = NULL, $return_as_object = FALSE) {
+    // We don't treat the label as priviledged information.
+    if ($operation == 'view label') {
+      $result = AccessResult::allowed();
+      return $return_as_object ? $result : $result->isAllowed();
+    }
+    return parent::access($operation, $account, $return_as_object);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
   public function preSave(EntityStorageInterface $storage) {
     parent::preSave($storage);