diff --git a/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java b/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
index 800d877054..d8e01f9ff5 100644
--- a/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
+++ b/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
@@ -32,6 +32,7 @@ import com.google.gerrit.server.project.NoSuchProjectException;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import java.io.IOException;
 import java.util.Collection;
@@ -44,12 +45,16 @@ import java.util.Set;
 public class DefaultPermissionBackend extends PermissionBackend {
   private static final CurrentUser.PropertyKey<Boolean> IS_ADMIN = CurrentUser.PropertyKey.create();
 
+  private final Provider<CurrentUser> currentUser;
   private final ProjectCache projectCache;
   private final ProjectControl.Factory projectControlFactory;
 
   @Inject
   DefaultPermissionBackend(
-      ProjectCache projectCache, ProjectControl.Factory projectControlFactory) {
+      Provider<CurrentUser> currentUser,
+      ProjectCache projectCache,
+      ProjectControl.Factory projectControlFactory) {
+    this.currentUser = currentUser;
     this.projectCache = projectCache;
     this.projectControlFactory = projectControlFactory;
   }
@@ -58,6 +63,11 @@ public class DefaultPermissionBackend extends PermissionBackend {
     return projectCache.getAllProjects().getCapabilityCollection();
   }
 
+  @Override
+  public WithUser currentUser() {
+    return new WithUserImpl(currentUser.get());
+  }
+
   @Override
   public WithUser user(CurrentUser user) {
     return new WithUserImpl(checkNotNull(user, "user"));
diff --git a/java/com/google/gerrit/server/permissions/PermissionBackend.java b/java/com/google/gerrit/server/permissions/PermissionBackend.java
index 56c300d026..8b82e7937d 100644
--- a/java/com/google/gerrit/server/permissions/PermissionBackend.java
+++ b/java/com/google/gerrit/server/permissions/PermissionBackend.java
@@ -90,10 +90,19 @@ import org.slf4j.LoggerFactory;
 public abstract class PermissionBackend {
   private static final Logger logger = LoggerFactory.getLogger(PermissionBackend.class);
 
-  /** @return lightweight factory scoped to answer for the specified user. */
+  /** @return lightweight factory scoped to answer for the current user. */
+  public abstract WithUser currentUser();
+
+  /**
+   * @return lightweight factory scoped to answer for the specified user. If an instance scoped to
+   *     the current user is desired, use {@code currentUser()} instead.
+   */
   public abstract WithUser user(CurrentUser user);
 
-  /** @return lightweight factory scoped to answer for the specified user. */
+  /**
+   * @return lightweight factory scoped to answer for the specified user. If an instance scoped to
+   *     the current user is desired, use {@code currentUser()} instead.
+   */
   public <U extends CurrentUser> WithUser user(Provider<U> user) {
     return user(checkNotNull(user, "Provider<CurrentUser>").get());
   }