diff --git a/CHANGES/3957.bugfix b/CHANGES/3957.bugfix
new file mode 100644
index 0000000000..22ccac52d9
--- /dev/null
+++ b/CHANGES/3957.bugfix
@@ -0,0 +1 @@
+Fixed circular imports caused by get_user_model calls.
diff --git a/pulpcore/app/models/role.py b/pulpcore/app/models/role.py
index 56a262514c..7d9e0232da 100644
--- a/pulpcore/app/models/role.py
+++ b/pulpcore/app/models/role.py
@@ -1,4 +1,4 @@
-from django.contrib.auth import get_user_model
+from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
@@ -41,7 +41,7 @@ class UserRole(BaseModel):
     """
 
     user = models.ForeignKey(
-        get_user_model(), related_name="object_roles", on_delete=models.CASCADE
+        settings.AUTH_USER_MODEL, related_name="object_roles", on_delete=models.CASCADE
     )
     role = models.ForeignKey(Role, related_name="object_users", on_delete=models.CASCADE)
     content_type = models.ForeignKey(ContentType, on_delete=models.CASCADE, null=True)
diff --git a/pulpcore/app/role_util.py b/pulpcore/app/role_util.py
index f1978188b8..345744ed19 100644
--- a/pulpcore/app/role_util.py
+++ b/pulpcore/app/role_util.py
@@ -1,19 +1,23 @@
 from gettext import gettext as _
 
 from collections import defaultdict
+from functools import lru_cache
 
 from django.conf import settings
 from django.core.exceptions import BadRequest
 from django.db.models import Q, Exists, OuterRef, CharField
 from django.db.models.functions import Cast
-from django.contrib.auth import get_user_model
+from django.contrib.auth import get_user_model as django_get_user_model
 from django.contrib.auth.models import Permission
 from django.contrib.contenttypes.models import ContentType
 
 from pulpcore.app.models import Group
 from pulpcore.app.models.role import GroupRole, Role, UserRole
 
-User = get_user_model()
+
+@lru_cache()
+def get_user_model(maxsize=1):
+    return django_get_user_model()
 
 
 def assign_role(rolename, entity, obj=None, domain=None):
@@ -300,6 +304,7 @@ def get_users_with_perms_roles(
     include_model_permissions=True,
     for_concrete_model=False,
 ):
+    User = get_user_model()
     qs = User.objects.none()
     if with_superusers:
         qs |= User.objects.filter(is_superuser=True)
@@ -338,6 +343,7 @@ def get_users_with_perms_attached_perms(
     include_model_permissions=True,
     for_concrete_model=False,
 ):
+    User = get_user_model()
     ctype = ContentType.objects.get_for_model(obj, for_concrete_model=for_concrete_model)
     perms = Permission.objects.filter(content_type__pk=ctype.id)
     if only_with_perms_in:
@@ -422,6 +428,7 @@ def get_users_with_perms(
     include_model_permissions=True,
     for_concrete_model=False,
 ):
+    User = get_user_model()
     if attach_perms:
         res = defaultdict(set)
         if "pulpcore.backends.ObjectRolePermissionBackend" in settings.AUTHENTICATION_BACKENDS: