diff --git a/management/server/account.go b/management/server/account.go
index 5d934d56e..06c596a65 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -1745,7 +1745,7 @@ func (am *DefaultAccountManager) GetAccountFromToken(ctx context.Context, claims
 		return "", "", err
 	}
 
-	user, err := am.Store.GetUserByUserID(ctx, claims.UserId)
+	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, claims.UserId)
 	if err != nil {
 		// this is not really possible because we got an account by user ID
 		return "", "", status.Errorf(status.NotFound, "user %s not found", claims.UserId)
@@ -1768,7 +1768,7 @@ func (am *DefaultAccountManager) GetAccountFromToken(ctx context.Context, claims
 // syncJWTGroups processes the JWT groups for a user, updates the account based on the groups,
 // and propagates changes to peers if group propagation is enabled.
 func (am *DefaultAccountManager) syncJWTGroups(ctx context.Context, claims jwtclaims.AuthorizationClaims, accountID string) error {
-	settings, err := am.Store.GetAccountSettings(ctx, accountID)
+	settings, err := am.Store.GetAccountSettings(ctx, LockingStrengthShare, accountID)
 	if err != nil {
 		return err
 	}
@@ -2033,7 +2033,7 @@ func (am *DefaultAccountManager) CheckUserAccessByJWTGroups(ctx context.Context,
 		return err
 	}
 
-	settings, err := am.Store.GetAccountSettings(ctx, accountID)
+	settings, err := am.Store.GetAccountSettings(ctx, LockingStrengthShare, accountID)
 	if err != nil {
 		return err
 	}
diff --git a/management/server/user.go b/management/server/user.go
index 5dce744a6..ac38d9f3f 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -359,9 +359,7 @@ func (am *DefaultAccountManager) inviteNewUser(ctx context.Context, accountID, u
 
 // GetUserByID looks up a user by provided user id.
 func (am *DefaultAccountManager) GetUserByID(ctx context.Context, id string) (*User, error) {
-	unlock := am.Store.AcquireReadLockByUID(ctx, id)
-	defer unlock()
-	return am.Store.GetUserByUserID(ctx, id)
+	return am.Store.GetUserByUserID(ctx, LockingStrengthShare, id)
 }
 
 // GetUser looks up a user by provided authorization claims.