diff --git a/src/Umbraco.Core/Constants-Security.cs b/src/Umbraco.Core/Constants-Security.cs
index 0a17b17907..f1b9f5cce3 100644
--- a/src/Umbraco.Core/Constants-Security.cs
+++ b/src/Umbraco.Core/Constants-Security.cs
@@ -10,7 +10,7 @@ namespace Umbraco.Core
             /// <summary>
             /// Gets the identifier of the 'super' user.
             /// </summary>
-            public const int SuperId = -1;
+            public const int SuperUserId = -1;
 
             /// <summary>
             /// The id for the 'unknown' user
@@ -18,7 +18,7 @@ namespace Umbraco.Core
             /// <remarks>
             /// This is a user row that exists in the DB only for referential integrity but the user is never returned from any of the services
             /// </remarks>
-            public const int UnknownId = 0;
+            public const int UnknownUserId = 0;
 
             public const string AdminGroupAlias = "admin";
             public const string SensitiveDataGroupAlias = "sensitiveData";
diff --git a/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs b/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs
index a3fd35df44..b7f1569e20 100644
--- a/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs
+++ b/src/Umbraco.Core/Migrations/Install/DatabaseBuilder.cs
@@ -101,7 +101,7 @@ namespace Umbraco.Core.Migrations.Install
                 var sql = scope.Database.SqlContext.Sql()
                     .SelectCount()
                     .From<UserDto>()
-                    .Where<UserDto>(x => x.Id == Constants.Security.SuperId && x.Password == "default");
+                    .Where<UserDto>(x => x.Id == Constants.Security.SuperUserId && x.Password == "default");
                 var result = scope.Database.ExecuteScalar<int>(sql);
                 var has = result != 1;
                 if (has == false)
diff --git a/src/Umbraco.Core/Migrations/Install/DatabaseDataCreator.cs b/src/Umbraco.Core/Migrations/Install/DatabaseDataCreator.cs
index 92a19e5f28..dda1207f92 100644
--- a/src/Umbraco.Core/Migrations/Install/DatabaseDataCreator.cs
+++ b/src/Umbraco.Core/Migrations/Install/DatabaseDataCreator.cs
@@ -144,8 +144,7 @@ namespace Umbraco.Core.Migrations.Install
 
         private void CreateUserData()
         {
-            _database.Insert(Constants.DatabaseSchema.Tables.User, "id", false, new UserDto { Id = Constants.Security.UnknownId, Disabled = true, NoConsole = true, UserName = "$UMB_UNKNOWN_USER$", Login = "$UMB_UNKNOWN_USER$", Password = "$UMB_UNKNOWN_USER$", Email = "", UserLanguage = "en-US", CreateDate = DateTime.Now, UpdateDate = DateTime.Now });
-            _database.Insert(Constants.DatabaseSchema.Tables.User, "id", false, new UserDto { Id = Constants.Security.SuperId, Disabled = false, NoConsole = false, UserName = "Administrator", Login = "admin", Password = "default", Email = "", UserLanguage = "en-US", CreateDate = DateTime.Now, UpdateDate = DateTime.Now });
+            _database.Insert(Constants.DatabaseSchema.Tables.User, "id", false, new UserDto { Id = Constants.Security.SuperUserId, Disabled = false, NoConsole = false, UserName = "Administrator", Login = "admin", Password = "default", Email = "", UserLanguage = "en-US", CreateDate = DateTime.Now, UpdateDate = DateTime.Now });
         }
 
         private void CreateUserGroupData()
@@ -159,8 +158,8 @@ namespace Umbraco.Core.Migrations.Install
 
         private void CreateUser2UserGroupData()
         {
-            _database.Insert(new User2UserGroupDto { UserGroupId = 1, UserId = Constants.Security.SuperId }); // add super to admins
-            _database.Insert(new User2UserGroupDto { UserGroupId = 5, UserId = Constants.Security.SuperId }); // add super to sensitive data
+            _database.Insert(new User2UserGroupDto { UserGroupId = 1, UserId = Constants.Security.SuperUserId }); // add super to admins
+            _database.Insert(new User2UserGroupDto { UserGroupId = 5, UserId = Constants.Security.SuperUserId }); // add super to sensitive data
         }
 
         private void CreateUserGroup2AppData()
diff --git a/src/Umbraco.Core/Migrations/Upgrade/UmbracoPlan.cs b/src/Umbraco.Core/Migrations/Upgrade/UmbracoPlan.cs
index 565d5be138..cf531a0610 100644
--- a/src/Umbraco.Core/Migrations/Upgrade/UmbracoPlan.cs
+++ b/src/Umbraco.Core/Migrations/Upgrade/UmbracoPlan.cs
@@ -119,6 +119,7 @@ namespace Umbraco.Core.Migrations.Upgrade
             Chain<AddVariationTables1A>("{66B6821A-0DE3-4DF8-A6A4-65ABD211EDDE}");
             Chain<AddVariationTables2>("{49506BAE-CEBB-4431-A1A6-24AD6EBBBC57}");
             Chain<RefactorMacroColumns>("{083A9894-903D-41B7-B6B3-9EAF2D4CCED0}");
+            Chain<UserForeignKeys>("{42097524-0F8C-482C-BD79-AC7407D8A028}");
 
             // must chain to v8 final state (see at end of file)
             Chain("{A7540C58-171D-462A-91C5-7A9AA5CB8BFD}");
@@ -211,11 +212,12 @@ namespace Umbraco.Core.Migrations.Upgrade
             Add<AddVariationTables1A>("{941B2ABA-2D06-4E04-81F5-74224F1DB037}", "{76DF5CD7-A884-41A5-8DC6-7860D95B1DF5}");
 
             Chain<RefactorMacroColumns>("{A7540C58-171D-462A-91C5-7A9AA5CB8BFD}");
+            Chain<UserForeignKeys>("{3E44F712-E2E3-473A-AE49-5D7F8E67CE3F}");
 
             // FINAL STATE - MUST MATCH LAST ONE ABOVE !
             // whenever this changes, update all references in this file!
 
-            Add(string.Empty, "{A7540C58-171D-462A-91C5-7A9AA5CB8BFD}");
+            Add(string.Empty, "{3E44F712-E2E3-473A-AE49-5D7F8E67CE3F}");
         }
     }
 }
diff --git a/src/Umbraco.Core/Migrations/Upgrade/V_7_9_0/CreateSensitiveDataUserGroup.cs b/src/Umbraco.Core/Migrations/Upgrade/V_7_9_0/CreateSensitiveDataUserGroup.cs
index a3749f7be5..ce656aa0c1 100644
--- a/src/Umbraco.Core/Migrations/Upgrade/V_7_9_0/CreateSensitiveDataUserGroup.cs
+++ b/src/Umbraco.Core/Migrations/Upgrade/V_7_9_0/CreateSensitiveDataUserGroup.cs
@@ -21,7 +21,7 @@ namespace Umbraco.Core.Migrations.Upgrade.V_7_9_0
             if (exists) return;
 
             var groupId = Database.Insert(Constants.DatabaseSchema.Tables.UserGroup, "id", new UserGroupDto { StartMediaId = -1, StartContentId = -1, Alias = Constants.Security.SensitiveDataGroupAlias, Name = "Sensitive data", DefaultPermissions = "", CreateDate = DateTime.Now, UpdateDate = DateTime.Now, Icon = "icon-lock" });
-            Database.Insert(new User2UserGroupDto { UserGroupId = Convert.ToInt32(groupId), UserId = Constants.Security.SuperId }); // add super to sensitive data
+            Database.Insert(new User2UserGroupDto { UserGroupId = Convert.ToInt32(groupId), UserId = Constants.Security.SuperUserId }); // add super to sensitive data
         }
     }
 }
diff --git a/src/Umbraco.Core/Migrations/Upgrade/V_8_0_0/UserForeignKeys.cs b/src/Umbraco.Core/Migrations/Upgrade/V_8_0_0/UserForeignKeys.cs
new file mode 100644
index 0000000000..68a68ec53e
--- /dev/null
+++ b/src/Umbraco.Core/Migrations/Upgrade/V_8_0_0/UserForeignKeys.cs
@@ -0,0 +1,38 @@
+using NPoco;
+using Umbraco.Core.Persistence.DatabaseAnnotations;
+using Umbraco.Core.Persistence.Dtos;
+
+namespace Umbraco.Core.Migrations.Upgrade.V_8_0_0
+{
+    /// <summary>
+    /// Creates/Updates non mandatory FK columns to the user table
+    /// </summary>
+    public class UserForeignKeys : MigrationBase
+    {
+        public UserForeignKeys(IMigrationContext context)
+            : base(context)
+        { }
+
+        public override void Migrate()
+        {
+            //first allow NULL-able
+            Alter.Table(ContentVersionCultureVariationDto.TableName).AlterColumn("availableUserId").AsInt32().Nullable().Do();
+            Alter.Table(ContentVersionDto.TableName).AlterColumn("userId").AsInt32().Nullable().Do();
+            Alter.Table(Constants.DatabaseSchema.Tables.Log).AlterColumn("userId").AsInt32().Nullable().Do();
+            Alter.Table(NodeDto.TableName).AlterColumn("nodeUser").AsInt32().Nullable().Do();
+
+            //then we can update any non existing users to NULL
+            Execute.Sql($"UPDATE {ContentVersionCultureVariationDto.TableName} SET availableUserId = NULL WHERE availableUserId NOT IN (SELECT id FROM {UserDto.TableName})").Do();
+            Execute.Sql($"UPDATE {ContentVersionDto.TableName} SET userId = NULL WHERE userId NOT IN (SELECT id FROM {UserDto.TableName})").Do();
+            Execute.Sql($"UPDATE {Constants.DatabaseSchema.Tables.Log} SET userId = NULL WHERE userId NOT IN (SELECT id FROM {UserDto.TableName})").Do();
+            Execute.Sql($"UPDATE {NodeDto.TableName} SET nodeUser = NULL WHERE nodeUser NOT IN (SELECT id FROM {UserDto.TableName})").Do();
+
+            //now NULL-able with FKs
+            Alter.Table(ContentVersionCultureVariationDto.TableName).AlterColumn("availableUserId").AsInt32().Nullable().ForeignKey(UserDto.TableName, "id").Do();
+            Alter.Table(ContentVersionDto.TableName).AlterColumn("userId").AsInt32().Nullable().ForeignKey(UserDto.TableName, "id").Do();
+            Alter.Table(Constants.DatabaseSchema.Tables.Log).AlterColumn("userId").AsInt32().Nullable().ForeignKey(UserDto.TableName, "id").Do();
+            Alter.Table(NodeDto.TableName).AlterColumn("nodeUser").AsInt32().Nullable().ForeignKey(UserDto.TableName, "id").Do();
+        }
+
+    }
+}
diff --git a/src/Umbraco.Core/Models/UserExtensions.cs b/src/Umbraco.Core/Models/UserExtensions.cs
index 00dd3273bf..1b26d28764 100644
--- a/src/Umbraco.Core/Models/UserExtensions.cs
+++ b/src/Umbraco.Core/Models/UserExtensions.cs
@@ -31,7 +31,7 @@ namespace Umbraco.Core.Models
         public static bool IsSuper(this IUser user)
         {
             if (user == null) throw new ArgumentNullException(nameof(user));
-            return user.Id == Constants.Security.SuperId;
+            return user.Id == Constants.Security.SuperUserId;
         }
 
         /// <summary>
diff --git a/src/Umbraco.Core/Persistence/Dtos/ContentVersionCultureVariationDto.cs b/src/Umbraco.Core/Persistence/Dtos/ContentVersionCultureVariationDto.cs
index ed8a70ee18..a4e51b913e 100644
--- a/src/Umbraco.Core/Persistence/Dtos/ContentVersionCultureVariationDto.cs
+++ b/src/Umbraco.Core/Persistence/Dtos/ContentVersionCultureVariationDto.cs
@@ -10,6 +10,7 @@ namespace Umbraco.Core.Persistence.Dtos
     internal class ContentVersionCultureVariationDto
     {
         public const string TableName = Constants.DatabaseSchema.Tables.ContentVersionCultureVariation;
+        private int? _publishedUserId;
 
         [Column("id")]
         [PrimaryKeyColumn]
@@ -38,7 +39,8 @@ namespace Umbraco.Core.Persistence.Dtos
         // fixme want?
         [Column("availableUserId")]
         [ForeignKey(typeof(UserDto))]
-        public int PublishedUserId { get; set; }
+        [NullSetting(NullSetting = NullSettings.Null)]
+        public int? PublishedUserId { get => _publishedUserId == 0 ? null : _publishedUserId; set => _publishedUserId = value; } //return null if zero
 
         [Column("edited")]
         public bool Edited { get; set; }
diff --git a/src/Umbraco.Core/Persistence/Dtos/ContentVersionDto.cs b/src/Umbraco.Core/Persistence/Dtos/ContentVersionDto.cs
index 89cc03726f..ee706d2735 100644
--- a/src/Umbraco.Core/Persistence/Dtos/ContentVersionDto.cs
+++ b/src/Umbraco.Core/Persistence/Dtos/ContentVersionDto.cs
@@ -11,6 +11,7 @@ namespace Umbraco.Core.Persistence.Dtos
     internal class ContentVersionDto
     {
         public const string TableName = Constants.DatabaseSchema.Tables.ContentVersion;
+        private int? _userId;
 
         [Column("id")]
         [PrimaryKeyColumn]
@@ -26,7 +27,8 @@ namespace Umbraco.Core.Persistence.Dtos
 
         [Column("userId")]
         [ForeignKey(typeof(UserDto))]
-        public int UserId { get; set; }
+        [NullSetting(NullSetting = NullSettings.Null)]
+        public int? UserId { get => _userId == 0 ? null : _userId; set => _userId = value; } //return null if zero
 
         [Column("current")]
         public bool Current { get; set; }
diff --git a/src/Umbraco.Core/Persistence/Dtos/LogDto.cs b/src/Umbraco.Core/Persistence/Dtos/LogDto.cs
index 3f8d511074..2ecf85e87c 100644
--- a/src/Umbraco.Core/Persistence/Dtos/LogDto.cs
+++ b/src/Umbraco.Core/Persistence/Dtos/LogDto.cs
@@ -10,12 +10,16 @@ namespace Umbraco.Core.Persistence.Dtos
     [ExplicitColumns]
     internal class LogDto
     {
+        private int? _userId;
+
         [Column("id")]
         [PrimaryKeyColumn]
         public int Id { get; set; }
 
         [Column("userId")]
-        public int UserId { get; set; }
+        [ForeignKey(typeof(UserDto))]
+        [NullSetting(NullSetting = NullSettings.Null)]
+        public int? UserId { get => _userId == 0 ? null : _userId; set => _userId = value; } //return null if zero
 
         [Column("NodeId")]
         [Index(IndexTypes.NonClustered, Name = "IX_umbracoLog")]
diff --git a/src/Umbraco.Core/Persistence/Dtos/NodeDto.cs b/src/Umbraco.Core/Persistence/Dtos/NodeDto.cs
index 924f7ea301..10450f2bf4 100644
--- a/src/Umbraco.Core/Persistence/Dtos/NodeDto.cs
+++ b/src/Umbraco.Core/Persistence/Dtos/NodeDto.cs
@@ -12,6 +12,7 @@ namespace Umbraco.Core.Persistence.Dtos
     {
         public const string TableName = Constants.DatabaseSchema.Tables.Node;
         public const int NodeIdSeed = 1060;
+        private int? _userId;
 
         [Column("id")]
         [PrimaryKeyColumn(IdentitySeed = NodeIdSeed)]
@@ -45,8 +46,9 @@ namespace Umbraco.Core.Persistence.Dtos
         public bool Trashed { get; set; }
 
         [Column("nodeUser")] // fixme dbfix rename userId
+        [ForeignKey(typeof(UserDto))]
         [NullSetting(NullSetting = NullSettings.Null)]
-        public int? UserId { get; set; }
+        public int? UserId { get => _userId == 0 ? null : _userId; set => _userId = value; } //return null if zero
 
         [Column("text")]
         [NullSetting(NullSetting = NullSettings.Null)]
diff --git a/src/Umbraco.Core/Persistence/Factories/ContentBaseFactory.cs b/src/Umbraco.Core/Persistence/Factories/ContentBaseFactory.cs
index aa17facf8f..c3b4b0d24c 100644
--- a/src/Umbraco.Core/Persistence/Factories/ContentBaseFactory.cs
+++ b/src/Umbraco.Core/Persistence/Factories/ContentBaseFactory.cs
@@ -38,8 +38,8 @@ namespace Umbraco.Core.Persistence.Factories
                 content.SortOrder = nodeDto.SortOrder;
                 content.Trashed = nodeDto.Trashed;
 
-                content.CreatorId = nodeDto.UserId ?? 0;
-                content.WriterId = contentVersionDto.UserId;
+                content.CreatorId = nodeDto.UserId ?? Constants.Security.UnknownUserId;
+                content.WriterId = contentVersionDto.UserId ?? Constants.Security.UnknownUserId;
                 content.CreateDate = nodeDto.CreateDate;
                 content.UpdateDate = contentVersionDto.VersionDate;
 
@@ -96,8 +96,8 @@ namespace Umbraco.Core.Persistence.Factories
                 content.SortOrder = nodeDto.SortOrder;
                 content.Trashed = nodeDto.Trashed;
 
-                content.CreatorId = nodeDto.UserId ?? 0;
-                content.WriterId = contentVersionDto.UserId;
+                content.CreatorId = nodeDto.UserId ?? Constants.Security.UnknownUserId;
+                content.WriterId = contentVersionDto.UserId ?? Constants.Security.UnknownUserId;
                 content.CreateDate = nodeDto.CreateDate;
                 content.UpdateDate = contentVersionDto.VersionDate;
 
@@ -137,8 +137,8 @@ namespace Umbraco.Core.Persistence.Factories
                 content.SortOrder = nodeDto.SortOrder;
                 content.Trashed = nodeDto.Trashed;
 
-                content.CreatorId = nodeDto.UserId ?? 0;
-                content.WriterId = contentVersionDto.UserId;
+                content.CreatorId = nodeDto.UserId ?? Constants.Security.UnknownUserId;
+                content.WriterId = contentVersionDto.UserId ?? Constants.Security.UnknownUserId;
                 content.CreateDate = nodeDto.CreateDate;
                 content.UpdateDate = contentVersionDto.VersionDate;
 
diff --git a/src/Umbraco.Core/Persistence/Factories/ContentTypeFactory.cs b/src/Umbraco.Core/Persistence/Factories/ContentTypeFactory.cs
index f592bfddcb..f788880d34 100644
--- a/src/Umbraco.Core/Persistence/Factories/ContentTypeFactory.cs
+++ b/src/Umbraco.Core/Persistence/Factories/ContentTypeFactory.cs
@@ -105,7 +105,7 @@ namespace Umbraco.Core.Persistence.Factories
             entity.CreateDate = dto.NodeDto.CreateDate;
             entity.Path = dto.NodeDto.Path;
             entity.Level = dto.NodeDto.Level;
-            entity.CreatorId = dto.NodeDto.UserId.Value;
+            entity.CreatorId = dto.NodeDto.UserId ?? Constants.Security.UnknownUserId;
             entity.AllowedAsRoot = dto.AllowAtRoot;
             entity.IsContainer = dto.IsContainer;
             entity.Trashed = dto.NodeDto.Trashed;
diff --git a/src/Umbraco.Core/Persistence/Factories/DataTypeFactory.cs b/src/Umbraco.Core/Persistence/Factories/DataTypeFactory.cs
index 226aa07483..fa6513775f 100644
--- a/src/Umbraco.Core/Persistence/Factories/DataTypeFactory.cs
+++ b/src/Umbraco.Core/Persistence/Factories/DataTypeFactory.cs
@@ -32,7 +32,7 @@ namespace Umbraco.Core.Persistence.Factories
                 dataType.Path = dto.NodeDto.Path;
                 dataType.SortOrder = dto.NodeDto.SortOrder;
                 dataType.Trashed = dto.NodeDto.Trashed;
-                dataType.CreatorId = dto.NodeDto.UserId ?? 0;
+                dataType.CreatorId = dto.NodeDto.UserId ?? Constants.Security.UnknownUserId;
 
                 dataType.SetLazyConfiguration(dto.Configuration);
 
diff --git a/src/Umbraco.Core/Persistence/Repositories/Implement/AuditRepository.cs b/src/Umbraco.Core/Persistence/Repositories/Implement/AuditRepository.cs
index fd7161e48f..e171077bb7 100644
--- a/src/Umbraco.Core/Persistence/Repositories/Implement/AuditRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/Implement/AuditRepository.cs
@@ -53,7 +53,7 @@ namespace Umbraco.Core.Persistence.Repositories.Implement
             var dto = Database.First<LogDto>(sql);
             return dto == null
                 ? null
-                : new AuditItem(dto.NodeId, dto.Comment, Enum<AuditType>.Parse(dto.Header), dto.UserId);
+                : new AuditItem(dto.NodeId, dto.Comment, Enum<AuditType>.Parse(dto.Header), dto.UserId ?? Constants.Security.UnknownUserId);
         }
 
         protected override IEnumerable<IAuditItem> PerformGetAll(params int[] ids)
@@ -69,7 +69,7 @@ namespace Umbraco.Core.Persistence.Repositories.Implement
 
             var dtos = Database.Fetch<LogDto>(sql);
 
-            return dtos.Select(x => new AuditItem(x.NodeId, x.Comment, Enum<AuditType>.Parse(x.Header), x.UserId)).ToArray();
+            return dtos.Select(x => new AuditItem(x.NodeId, x.Comment, Enum<AuditType>.Parse(x.Header), x.UserId ?? Constants.Security.UnknownUserId)).ToArray();
         }
 
         protected override Sql<ISqlContext> GetBaseQuery(bool isCount)
@@ -160,7 +160,7 @@ namespace Umbraco.Core.Persistence.Repositories.Implement
             totalRecords = page.TotalItems;
 
             var items = page.Items.Select(
-                dto => new AuditItem(dto.Id, dto.Comment, Enum<AuditType>.Parse(dto.Header), dto.UserId)).ToArray();
+                dto => new AuditItem(dto.Id, dto.Comment, Enum<AuditType>.Parse(dto.Header), dto.UserId ?? Constants.Security.UnknownUserId)).ToArray();
 
             // map the DateStamp
             for (var i = 0; i < items.Length; i++)
diff --git a/src/Umbraco.Core/Persistence/Repositories/Implement/EntityContainerRepository.cs b/src/Umbraco.Core/Persistence/Repositories/Implement/EntityContainerRepository.cs
index 209edce8de..fae7ae2ebc 100644
--- a/src/Umbraco.Core/Persistence/Repositories/Implement/EntityContainerRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/Implement/EntityContainerRepository.cs
@@ -93,7 +93,7 @@ namespace Umbraco.Core.Persistence.Repositories.Implement
             var entity = new EntityContainer(nodeDto.NodeId, nodeDto.UniqueId,
                 nodeDto.ParentId, nodeDto.Path, nodeDto.Level, nodeDto.SortOrder,
                 containedObjectType,
-                nodeDto.Text, nodeDto.UserId ?? 0);
+                nodeDto.Text, nodeDto.UserId ?? Constants.Security.UnknownUserId);
 
             // reset dirty initial properties (U4-1946)
             entity.ResetDirtyProperties(false);
diff --git a/src/Umbraco.Core/Persistence/Repositories/Implement/EntityRepository.cs b/src/Umbraco.Core/Persistence/Repositories/Implement/EntityRepository.cs
index 8ed56b591a..7b10fe3872 100644
--- a/src/Umbraco.Core/Persistence/Repositories/Implement/EntityRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/Implement/EntityRepository.cs
@@ -847,7 +847,7 @@ namespace Umbraco.Core.Persistence.Repositories.Implement
         {
             entity.Trashed = dto.Trashed;
             entity.CreateDate = dto.CreateDate;
-            entity.CreatorId = dto.UserId ?? 0;
+            entity.CreatorId = dto.UserId ?? Constants.Security.UnknownUserId;
             entity.Id = dto.NodeId;
             entity.Key = dto.UniqueId;
             entity.Level = dto.Level;
diff --git a/src/Umbraco.Core/Persistence/Repositories/Implement/UserRepository.cs b/src/Umbraco.Core/Persistence/Repositories/Implement/UserRepository.cs
index e8f8e79567..05fe456bbd 100644
--- a/src/Umbraco.Core/Persistence/Repositories/Implement/UserRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/Implement/UserRepository.cs
@@ -83,9 +83,6 @@ namespace Umbraco.Core.Persistence.Repositories.Implement
 
         protected override IUser PerformGet(int id)
         {
-            if (id == Constants.Security.UnknownId)
-                return null;
-
             var sql = SqlContext.Sql()
                 .Select<UserDto>()
                 .From<UserDto>()
@@ -285,8 +282,7 @@ ORDER BY colName";
         {
             var sql = SqlContext.Sql()
                 .Select<UserDto>()
-                .From<UserDto>()
-                .Where<UserDto>(x => x.Id != Constants.Security.UnknownId); 
+                .From<UserDto>();
 
             with?.Invoke(sql);
 
@@ -620,9 +616,7 @@ ORDER BY colName";
 
         public int GetCountByQuery(IQuery<IUser> query)
         {
-            var sqlClause = GetBaseQuery("umbracoUser.id")
-                .Where<UserDto>(x => x.Id != Constants.Security.UnknownId);
-
+            var sqlClause = GetBaseQuery("umbracoUser.id");
             var translator = new SqlTranslator<IUser>(sqlClause, query);
             var subquery = translator.Translate();
             //get the COUNT base query
@@ -637,7 +631,7 @@ ORDER BY colName";
             var sql = SqlContext.Sql()
                 .SelectCount()
                 .From<UserDto>()
-                .Where<UserDto>(x => x.Id != Constants.Security.UnknownId && x.UserName == username);
+                .Where<UserDto>(x => x.UserName == username);
 
             return Database.ExecuteScalar<int>(sql) > 0;
         }
@@ -676,8 +670,6 @@ ORDER BY colName";
             else
                 sql.WhereNotIn<UserDto>(x => x.Id, inSql);
 
-            sql.Where<UserDto>(x => x.Id != Constants.Security.UnknownId);
-
             return ConvertFromDtos(Database.Fetch<UserDto>(sql));
         }
 
@@ -808,7 +800,7 @@ ORDER BY colName";
                 sql = new SqlTranslator<IUser>(sql, query).Translate();
 
             // get sorted and filtered sql
-            var sqlNodeIdsWithSort = ApplySort(ApplyFilter(sql, filterSql), orderDirection, orderBy);                
+            var sqlNodeIdsWithSort = ApplySort(ApplyFilter(sql, filterSql), orderDirection, orderBy);
 
             // get a page of results and total count
             var pagedResult = Database.Page<UserDto>(pageIndex + 1, pageSize, sqlNodeIdsWithSort);
@@ -821,11 +813,9 @@ ORDER BY colName";
 
         private Sql<ISqlContext> ApplyFilter(Sql<ISqlContext> sql, Sql<ISqlContext> filterSql)
         {
-            if (filterSql == null)
-                return sql.Where<UserDto>(x => x.Id != Constants.Security.UnknownId);
+            if (filterSql == null) return sql;
 
             sql.Append(SqlContext.Sql(" WHERE " + filterSql.SQL.TrimStart("AND "), filterSql.Arguments));
-            sql.Append($" AND umbracoUser.id <> {Constants.Security.UnknownId}");
 
             return sql;
         }
@@ -847,7 +837,7 @@ ORDER BY colName";
             var idsQuery = SqlContext.Sql()
                 .Select<UserDto>(x => x.Id)
                 .From<UserDto>()
-                .Where<UserDto>(x => x.Id != Constants.Security.UnknownId && x.Id >= id)
+                .Where<UserDto>(x => x.Id >= id)
                 .OrderBy<UserDto>(x => x.Id);
 
             // first page is index 1, not zero
diff --git a/src/Umbraco.Core/Services/Implement/AuditService.cs b/src/Umbraco.Core/Services/Implement/AuditService.cs
index 272d550a43..389a2337d1 100644
--- a/src/Umbraco.Core/Services/Implement/AuditService.cs
+++ b/src/Umbraco.Core/Services/Implement/AuditService.cs
@@ -159,7 +159,7 @@ namespace Umbraco.Core.Services.Implement
         /// <inheritdoc />
         public IAuditEntry Write(int performingUserId, string perfomingDetails, string performingIp, DateTime eventDateUtc, int affectedUserId, string affectedDetails, string eventType, string eventDetails)
         {
-            if (performingUserId < 0 && performingUserId != Constants.Security.SuperId) throw new ArgumentOutOfRangeException(nameof(performingUserId));
+            if (performingUserId < 0 && performingUserId != Constants.Security.SuperUserId) throw new ArgumentOutOfRangeException(nameof(performingUserId));
             if (string.IsNullOrWhiteSpace(perfomingDetails)) throw new ArgumentException("Value cannot be null or whitespace.", nameof(perfomingDetails));
             if (string.IsNullOrWhiteSpace(eventType)) throw new ArgumentException("Value cannot be null or whitespace.", nameof(eventType));
             if (string.IsNullOrWhiteSpace(eventDetails)) throw new ArgumentException("Value cannot be null or whitespace.", nameof(eventDetails));
diff --git a/src/Umbraco.Core/Services/Implement/EntityService.cs b/src/Umbraco.Core/Services/Implement/EntityService.cs
index 0c94df19ed..385b5eabe0 100644
--- a/src/Umbraco.Core/Services/Implement/EntityService.cs
+++ b/src/Umbraco.Core/Services/Implement/EntityService.cs
@@ -604,7 +604,7 @@ namespace Umbraco.Core.Services.Implement
                     NodeObjectType = Constants.ObjectTypes.IdReservation,
 
                     CreateDate = DateTime.Now,
-                    UserId = -1,
+                    UserId = null,
                     ParentId = -1,
                     Level = 1,
                     Path = "-1",
diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj
index b94e1095d8..c4d7fab76c 100644
--- a/src/Umbraco.Core/Umbraco.Core.csproj
+++ b/src/Umbraco.Core/Umbraco.Core.csproj
@@ -329,6 +329,7 @@
     <Compile Include="Migrations\Upgrade\V_8_0_0\RefactorMacroColumns.cs" />
     <Compile Include="Migrations\Upgrade\V_8_0_0\SuperZero.cs" />
     <Compile Include="Migrations\Upgrade\V_8_0_0\TagsMigration.cs" />
+    <Compile Include="Migrations\Upgrade\V_8_0_0\UserForeignKeys.cs" />
     <Compile Include="Models\AuditEntry.cs" />
     <Compile Include="Models\Consent.cs" />
     <Compile Include="Models\ConsentExtensions.cs" />
diff --git a/src/Umbraco.Tests/Models/ContentXmlTest.cs b/src/Umbraco.Tests/Models/ContentXmlTest.cs
index b049e87327..e218317d7d 100644
--- a/src/Umbraco.Tests/Models/ContentXmlTest.cs
+++ b/src/Umbraco.Tests/Models/ContentXmlTest.cs
@@ -23,7 +23,7 @@ namespace Umbraco.Tests.Models
             ServiceContext.ContentTypeService.Save(contentType);
 
             var content = MockedContent.CreateTextpageContent(contentType, "Root Home", -1);
-            ServiceContext.ContentService.Save(content, Constants.Security.SuperId);
+            ServiceContext.ContentService.Save(content, Constants.Security.SuperUserId);
 
             var nodeName = content.ContentType.Alias.ToSafeAliasWithForcingCheck();
             var urlName = content.GetUrlSegment(new[]{new DefaultUrlSegmentProvider() });
diff --git a/src/Umbraco.Tests/Models/Mapping/ContentWebModelMappingTests.cs b/src/Umbraco.Tests/Models/Mapping/ContentWebModelMappingTests.cs
index da080ac2ce..f330905dd2 100644
--- a/src/Umbraco.Tests/Models/Mapping/ContentWebModelMappingTests.cs
+++ b/src/Umbraco.Tests/Models/Mapping/ContentWebModelMappingTests.cs
@@ -46,7 +46,7 @@ namespace Umbraco.Tests.Models.Mapping
             // v8 is changing this, so the test would report a <null> creator
             // temp. fixing by assigning super here
             //
-            content.CreatorId = Constants.Security.SuperId;
+            content.CreatorId = Constants.Security.SuperUserId;
         }
 
         [Test]
@@ -223,7 +223,7 @@ namespace Umbraco.Tests.Models.Mapping
             if (ownerId != 0)
             {
                 Assert.IsNotNull(result.Owner);
-                Assert.AreEqual(Constants.Security.SuperId, result.Owner.UserId);
+                Assert.AreEqual(Constants.Security.SuperUserId, result.Owner.UserId);
                 Assert.AreEqual("Administrator", result.Owner.Name);
             }
             else
diff --git a/src/Umbraco.Tests/Models/MediaXmlTest.cs b/src/Umbraco.Tests/Models/MediaXmlTest.cs
index 11e4b3806b..6f28842f18 100644
--- a/src/Umbraco.Tests/Models/MediaXmlTest.cs
+++ b/src/Umbraco.Tests/Models/MediaXmlTest.cs
@@ -33,7 +33,7 @@ namespace Umbraco.Tests.Models
 
             var media = MockedMedia.CreateMediaImage(mediaType, -1);
             media.WriterId = -1; // else it's zero and that's not a user and it breaks the tests
-            ServiceContext.MediaService.Save(media, Constants.Security.SuperId);
+            ServiceContext.MediaService.Save(media, Constants.Security.SuperUserId);
 
             // so we have to force-reset these values because the property editor has cleared them
             media.SetValue(Constants.Conventions.Media.Width, "200");
diff --git a/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs
index cac49613a9..12fa1bb9bb 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs
@@ -38,7 +38,7 @@ namespace Umbraco.Tests.Persistence.Repositories
                     Text = "hello",
                     Trashed = false,
                     UniqueId = Guid.NewGuid(),
-                    UserId = Constants.Security.SuperId
+                    UserId = Constants.Security.SuperUserId
                 };
                 var result = scope.Database.Insert(node);
                 var entity = Mock.Of<IEntity>(e => e.Id == node.NodeId);
@@ -66,7 +66,7 @@ namespace Umbraco.Tests.Persistence.Repositories
                 scope.Database.Insert(userDto);
 
                 var userNew = Mock.Of<IUser>(e => e.Id == userDto.Id);
-                var userAdmin = Mock.Of<IUser>(e => e.Id == Constants.Security.SuperId);
+                var userAdmin = Mock.Of<IUser>(e => e.Id == Constants.Security.SuperUserId);
 
                 for (var i = 0; i < 10; i++)
                 {
@@ -155,7 +155,7 @@ namespace Umbraco.Tests.Persistence.Repositories
                 scope.Database.Insert(userDto);
 
                 var userNew = Mock.Of<IUser>(e => e.Id == userDto.Id);
-                var userAdmin = Mock.Of<IUser>(e => e.Id == Constants.Security.SuperId);
+                var userAdmin = Mock.Of<IUser>(e => e.Id == Constants.Security.SuperUserId);
 
                 for (var i = 0; i < 10; i++)
                 {
diff --git a/src/Umbraco.Tests/Persistence/Repositories/TaskRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/TaskRepositoryTest.cs
index e4a40a040f..1434fa6cea 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/TaskRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/TaskRepositoryTest.cs
@@ -26,11 +26,11 @@ namespace Umbraco.Tests.Persistence.Repositories
                 var created = DateTime.Now;
                 var task = new Task(new TaskType("asdfasdf"))
                 {
-                    AssigneeUserId = Constants.Security.SuperId,
+                    AssigneeUserId = Constants.Security.SuperUserId,
                     Closed = false,
                     Comment = "hello world",
                     EntityId = -1,
-                    OwnerUserId = Constants.Security.SuperId
+                    OwnerUserId = Constants.Security.SuperUserId
                 };
                 repo.Save(task);
                 
@@ -54,23 +54,23 @@ namespace Umbraco.Tests.Persistence.Repositories
                 var created = DateTime.Now;
                 repo.Save(new Task(new TaskType("asdfasdf"))
                 {
-                    AssigneeUserId = Constants.Security.SuperId,
+                    AssigneeUserId = Constants.Security.SuperUserId,
                     Closed = false,
                     Comment = "hello world",
                     EntityId = -1,
-                    OwnerUserId = Constants.Security.SuperId
+                    OwnerUserId = Constants.Security.SuperUserId
                 });
                 
 
                 var found = repo.GetMany().ToArray();
 
                 Assert.AreEqual(1, found.Length);
-                Assert.AreEqual(Constants.Security.SuperId, found.First().AssigneeUserId);
+                Assert.AreEqual(Constants.Security.SuperUserId, found.First().AssigneeUserId);
                 Assert.AreEqual(false, found.First().Closed);
                 Assert.AreEqual("hello world", found.First().Comment);
                 Assert.GreaterOrEqual(found.First().CreateDate.TruncateTo(DateTimeExtensions.DateTruncate.Second), created.TruncateTo(DateTimeExtensions.DateTruncate.Second));
                 Assert.AreEqual(-1, found.First().EntityId);
-                Assert.AreEqual(Constants.Security.SuperId, found.First().OwnerUserId);
+                Assert.AreEqual(Constants.Security.SuperUserId, found.First().OwnerUserId);
                 Assert.AreEqual(true, found.First().HasIdentity);
                 Assert.AreEqual(true, found.First().TaskType.HasIdentity);
             }
@@ -86,11 +86,11 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 var task = new Task(new TaskType("asdfasdf"))
                 {
-                    AssigneeUserId = Constants.Security.SuperId,
+                    AssigneeUserId = Constants.Security.SuperUserId,
                     Closed = false,
                     Comment = "hello world",
                     EntityId = -1,
-                    OwnerUserId = Constants.Security.SuperId
+                    OwnerUserId = Constants.Security.SuperUserId
                 };
 
                 repo.Save(task);
@@ -123,11 +123,11 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 var task = new Task(new TaskType("asdfasdf"))
                 {
-                    AssigneeUserId = Constants.Security.SuperId,
+                    AssigneeUserId = Constants.Security.SuperUserId,
                     Closed = false,
                     Comment = "hello world",
                     EntityId = -1,
-                    OwnerUserId = Constants.Security.SuperId
+                    OwnerUserId = Constants.Security.SuperUserId
                 };
 
                 repo.Save(task);
@@ -214,11 +214,11 @@ namespace Umbraco.Tests.Persistence.Repositories
                 {
                     repo.Save(new Task(new TaskType("asdfasdf"))
                     {
-                        AssigneeUserId = Constants.Security.SuperId,
+                        AssigneeUserId = Constants.Security.SuperUserId,
                         Closed = closed,
                         Comment = "hello world " + i,
                         EntityId = entityId,
-                        OwnerUserId = Constants.Security.SuperId
+                        OwnerUserId = Constants.Security.SuperUserId
                     });
                 }
 
diff --git a/src/Umbraco.Tests/Persistence/Repositories/TaskTypeRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/TaskTypeRepositoryTest.cs
index ec3cf19625..f37fa37dca 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/TaskTypeRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/TaskTypeRepositoryTest.cs
@@ -28,11 +28,11 @@ namespace Umbraco.Tests.Persistence.Repositories
                 var created = DateTime.Now;
                 var task = new Task(taskType)
                 {
-                    AssigneeUserId = Constants.Security.SuperId,
+                    AssigneeUserId = Constants.Security.SuperUserId,
                     Closed = false,
                     Comment = "hello world",
                     EntityId = -1,
-                    OwnerUserId = Constants.Security.SuperId
+                    OwnerUserId = Constants.Security.SuperUserId
                 };
                 repo.Save(task);
                 
diff --git a/src/Umbraco.Tests/Services/ContentServiceTests.cs b/src/Umbraco.Tests/Services/ContentServiceTests.cs
index 6c9fbdd875..c99ef333b9 100644
--- a/src/Umbraco.Tests/Services/ContentServiceTests.cs
+++ b/src/Umbraco.Tests/Services/ContentServiceTests.cs
@@ -1875,7 +1875,7 @@ namespace Umbraco.Tests.Services
             editorGroup.StartContentId = content1.Id;
             ServiceContext.UserService.Save(editorGroup);
 
-            var admin = ServiceContext.UserService.GetUserById(Constants.Security.SuperId);
+            var admin = ServiceContext.UserService.GetUserById(Constants.Security.SuperUserId);
             admin.StartContentIds = new[] {content1.Id};
             ServiceContext.UserService.Save(admin);
 
@@ -1892,7 +1892,7 @@ namespace Umbraco.Tests.Services
             }));
             Assert.IsTrue(ServiceContext.PublicAccessService.AddRule(content1, "test2", "test2").Success);
 
-            var user = ServiceContext.UserService.GetUserById(Constants.Security.SuperId);
+            var user = ServiceContext.UserService.GetUserById(Constants.Security.SuperUserId);
             var userGroup = ServiceContext.UserService.GetUserGroupByAlias(user.Groups.First().Alias);
             Assert.IsNotNull(ServiceContext.NotificationService.CreateNotification(user, content1, "X"));
 
diff --git a/src/Umbraco.Web/Editors/UsersController.cs b/src/Umbraco.Web/Editors/UsersController.cs
index 0f1ba95c78..cabf4364b1 100644
--- a/src/Umbraco.Web/Editors/UsersController.cs
+++ b/src/Umbraco.Web/Editors/UsersController.cs
@@ -208,7 +208,7 @@ namespace Umbraco.Web.Editors
             {
                 // only super can see super - but don't use IsSuper, cannot be mapped to SQL - fixme NOW
                 //filterQuery.Where(x => !x.IsSuper());
-                filterQuery.Where(x => x.Id != Constants.Security.SuperId);
+                filterQuery.Where(x => x.Id != Constants.Security.SuperUserId);
             }
 
             if (filter.IsNullOrWhiteSpace() == false)
diff --git a/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs b/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
index ab3bd0aac5..8a67001cc6 100644
--- a/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
+++ b/src/Umbraco.Web/Install/InstallSteps/NewInstallStep.cs
@@ -49,16 +49,16 @@ namespace Umbraco.Web.Install.InstallSteps
 
         public override InstallSetupResult Execute(UserModel user)
         {
-            var admin = _userService.GetUserById(Constants.Security.SuperId);
+            var admin = _userService.GetUserById(Constants.Security.SuperUserId);
             if (admin == null)
             {
                 throw new InvalidOperationException("Could not find the super user!");
             }
 
-            var membershipUser = CurrentProvider.GetUser(Constants.Security.SuperId, true);
+            var membershipUser = CurrentProvider.GetUser(Constants.Security.SuperUserId, true);
             if (membershipUser == null)
             {
-                throw new InvalidOperationException($"No user found in membership provider with id of {Constants.Security.SuperId}.");
+                throw new InvalidOperationException($"No user found in membership provider with id of {Constants.Security.SuperUserId}.");
             }
 
             try
diff --git a/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
index 47a4e7b060..adb9bf69d8 100644
--- a/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/AdminTokenAuthorizeAttribute.cs
@@ -62,7 +62,7 @@ namespace Umbraco.Web.Mvc
 
         private static string GetAuthHeaderVal(IUserService userService)
         {
-            var admin = userService.GetUserById(Core.Constants.Security.SuperId);
+            var admin = userService.GetUserById(Core.Constants.Security.SuperUserId);
 
             var token = $"{admin.Email}u____u{admin.Username}u____u{admin.RawPasswordValue}";
 
@@ -94,7 +94,7 @@ namespace Umbraco.Web.Mvc
             if (keyVal.Count != 1) return false;
             if (keyVal[0].Groups.Count != 2) return false;
 
-            var admin = UserService.GetUserById(Core.Constants.Security.SuperId);
+            var admin = UserService.GetUserById(Core.Constants.Security.SuperUserId);
             if (admin == null) return false;
 
             try
diff --git a/src/Umbraco.Web/NotificationServiceExtensions.cs b/src/Umbraco.Web/NotificationServiceExtensions.cs
index a93930b7b8..2cf3b026de 100644
--- a/src/Umbraco.Web/NotificationServiceExtensions.cs
+++ b/src/Umbraco.Web/NotificationServiceExtensions.cs
@@ -73,10 +73,10 @@ namespace Umbraco.Web
             if (user == null)
             {
                 Current.Logger.Debug(typeof(NotificationServiceExtensions), "There is no current Umbraco user logged in, the notifications will be sent from the administrator");
-                user = userService.GetUserById(Constants.Security.SuperId);
+                user = userService.GetUserById(Constants.Security.SuperUserId);
                 if (user == null)
                 {
-                    Current.Logger.Warn(typeof(NotificationServiceExtensions), $"Noticiations can not be sent, no admin user with id {Constants.Security.SuperId} could be resolved");
+                    Current.Logger.Warn(typeof(NotificationServiceExtensions), $"Noticiations can not be sent, no admin user with id {Constants.Security.SuperUserId} could be resolved");
                     return;
                 }
             }
@@ -98,10 +98,10 @@ namespace Umbraco.Web
             if (user == null)
             {
                 Current.Logger.Debug(typeof(NotificationServiceExtensions), "There is no current Umbraco user logged in, the notifications will be sent from the administrator");
-                user = userService.GetUserById(Constants.Security.SuperId);
+                user = userService.GetUserById(Constants.Security.SuperUserId);
                 if (user == null)
                 {
-                    Current.Logger.Warn(typeof(NotificationServiceExtensions), $"Noticiations can not be sent, no admin user with id {Constants.Security.SuperId} could be resolved");
+                    Current.Logger.Warn(typeof(NotificationServiceExtensions), $"Noticiations can not be sent, no admin user with id {Constants.Security.SuperUserId} could be resolved");
                     return;
                 }
             }
diff --git a/src/Umbraco.Web/Trees/UserPermissionsTreeController.cs b/src/Umbraco.Web/Trees/UserPermissionsTreeController.cs
index 26caa6ac2f..e381c7ec0f 100644
--- a/src/Umbraco.Web/Trees/UserPermissionsTreeController.cs
+++ b/src/Umbraco.Web/Trees/UserPermissionsTreeController.cs
@@ -23,7 +23,7 @@ namespace Umbraco.Web.Trees
             long totalUsers;
             nodes.AddRange(
                 Services.UserService.GetAll(0, int.MaxValue, out totalUsers)
-                    .Where(x => x.Id != Constants.Security.SuperId && x.IsApproved)
+                    .Where(x => x.Id != Constants.Security.SuperUserId && x.IsApproved)
                     .Select(x => CreateTreeNode(x.Id.ToString(),
                         id,
                         queryStrings,
diff --git a/src/Umbraco.Web/_Legacy/Packager/Installer.cs b/src/Umbraco.Web/_Legacy/Packager/Installer.cs
index 36267b0519..87ffa2d665 100644
--- a/src/Umbraco.Web/_Legacy/Packager/Installer.cs
+++ b/src/Umbraco.Web/_Legacy/Packager/Installer.cs
@@ -349,7 +349,7 @@ namespace umbraco.cms.businesslogic.packager
                     //bool saveNeeded = false;
 
                     // Get current user, with a fallback
-                    var currentUser = Current.Services.UserService.GetUserById(Constants.Security.SuperId);
+                    var currentUser = Current.Services.UserService.GetUserById(Constants.Security.SuperUserId);
 
                     //TODO: Get rid of this entire class! Until then all packages will be installed by the admin user