diff --git a/core/modules/user/src/Tests/UserSubAdminTest.php b/core/modules/user/src/Tests/UserSubAdminTest.php
new file mode 100644
index 0000000..fa3428a
--- /dev/null
+++ b/core/modules/user/src/Tests/UserSubAdminTest.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace Drupal\user\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Test 'sub-admin' account with permission to edit some users but without 'administer users' permission.
+ *
+ * @group user
+ */
+class UserSubAdminTest extends WebTestBase {
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['user_access_test'];
+
+  /**
+   * Test create and cancel forms as 'sub-admin'.
+   */
+  public function testSubAdmin() {
+    $user = $this->createUser(['sub-admin']);
+    $this->drupalLogin($user);
+
+    // Test that the create user page has admin fields but not roles.
+    $this->drupalGet('admin/people/create');
+    $this->assertField("edit-name", "Name field exists.");
+    $this->assertField("edit-status-0", "Status field exists.");
+    $this->assertField("edit-notify", "Notify field exists.");
+    $this->assertNoField("edit-role", "Role field missing.");
+
+    // Test that create user gives an admin style message.
+    $edit = [
+      'name' => $this->randomMachineName(),
+      'mail' => $this->randomMachineName() . '@example.com',
+      'pass[pass1]' => $pass = $this->randomString(),
+      'pass[pass2]' => $pass,
+      'notify' => FALSE,
+    ];
+    $this->drupalPostForm('admin/people/create', $edit, t('Create new account'));
+    $this->assertText(t('Created a new user account for @name. No email has been sent.', ['@name' => $edit['name']]), 'User created');
+
+    // Test that the cancel user page has admin fields.
+    $cancel_user = $this->createUser();
+    $this->drupalGet('user/' . $cancel_user->id() . '/cancel');
+    $this->assertRaw(t('Are you sure you want to cancel the account %name?', ['%name' => $cancel_user->getUsername()]), 'Confirmation form to cancel account displayed.');
+    $this->assertText(t('Select the method to cancel the account above.'), 'Allows to select account cancellation method.');
+
+    // Test that cancel confirmation gives an admin style message.
+    $this->drupalPostForm(NULL, NULL, t('Cancel account'));
+    $this->assertRaw(t('%name has been disabled.', ['%name' => $cancel_user->getUsername()]), "Confirmation message displayed to user.");
+  }
+}
diff --git a/core/modules/user/tests/modules/user_access_test/src/Routing/RouteTestSubscriber.php b/core/modules/user/tests/modules/user_access_test/src/Routing/RouteTestSubscriber.php
new file mode 100644
index 0000000..42bb164
--- /dev/null
+++ b/core/modules/user/tests/modules/user_access_test/src/Routing/RouteTestSubscriber.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace Drupal\user_access_test\Routing;
+
+use Drupal\Core\Routing\RouteSubscriberBase;
+use Symfony\Component\Routing\RouteCollection;
+
+/**
+ * Listens to the dynamic route events.
+ */
+class RouteTestSubscriber extends RouteSubscriberBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function alterRoutes(RouteCollection $collection) {
+    // Provide additional access according to our permissions.
+    if ($route = $collection->get('user.admin_create')) {
+      $perm = $route->getRequirement('_permission') . '+sub-admin';
+      $route->setRequirement('_permission', $perm);
+    }
+  }
+}
diff --git a/core/modules/user/tests/modules/user_access_test/user_access_test.module b/core/modules/user/tests/modules/user_access_test/user_access_test.module
index 470a76a..0f1ef99 100644
--- a/core/modules/user/tests/modules/user_access_test/user_access_test.module
+++ b/core/modules/user/tests/modules/user_access_test/user_access_test.module
@@ -20,5 +20,11 @@ function user_access_test_user_access(User $entity, $operation, $account) {
     // Deny delete access.
     return AccessResult::forbidden();
   }
+
+  // Account with role sub-admin can manage users with no roles.
+  if (count($entity->getRoles()) == 1) {
+    return AccessResult::allowedIfHasPermission($account, 'sub-admin');
+  }
+
   return AccessResult::neutral();
 }
diff --git a/core/modules/user/tests/modules/user_access_test/user_access_test.permissions.yml b/core/modules/user/tests/modules/user_access_test/user_access_test.permissions.yml
new file mode 100644
index 0000000..dadf7ba
--- /dev/null
+++ b/core/modules/user/tests/modules/user_access_test/user_access_test.permissions.yml
@@ -0,0 +1,2 @@
+sub-admin:
+  title: 'Administer users with no roles'
diff --git a/core/modules/user/tests/modules/user_access_test/user_access_test.services.yml b/core/modules/user/tests/modules/user_access_test/user_access_test.services.yml
new file mode 100644
index 0000000..1c873bd
--- /dev/null
+++ b/core/modules/user/tests/modules/user_access_test/user_access_test.services.yml
@@ -0,0 +1,5 @@
+services:
+  user_access_test.route_subscriber:
+    class: Drupal\user_access_test\Routing\RouteTestSubscriber
+    tags:
+      - { name: event_subscriber }