diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/multitenant/TestMultiTenantVolume.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/multitenant/TestMultiTenantVolume.java
index 0a068c871523..a8aabc059347 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/multitenant/TestMultiTenantVolume.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/multitenant/TestMultiTenantVolume.java
@@ -58,7 +58,7 @@ public class TestMultiTenantVolume {
   private static final String TENANT_ID = "tenant";
   private static final String USER_PRINCIPAL = "username";
   private static final String BUCKET_NAME = "bucket";
-  private static final String ACCESS_ID = UUID.randomUUID().toString();
+  private static final String ACCESS_ID = "tenant$username";
 
   @BeforeClass
   public static void initClusterProvider() throws Exception {
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/shell/TestOzoneTenantShell.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/shell/TestOzoneTenantShell.java
index 6aa868f59d49..f3aa9f457c99 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/shell/TestOzoneTenantShell.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/shell/TestOzoneTenantShell.java
@@ -556,16 +556,30 @@ public void testOzoneTenantBasicOperations() throws IOException {
     checkOutput(err, "Assigned 'bob' to 'research' with accessId"
         + " 'research$bob'.\n", true);
 
-    // Attempt to assign the user to the same tenant under another accessId,
-    //  should fail.
+    // Attempt to assign the user to the tenant again
+    executeHA(tenantShell, new String[] {
+        "user", "assign", "bob", "--tenant=research",
+        "--accessId=research$bob"});
+    checkOutput(out, "", false);
+    checkOutput(err, "Failed to assign 'bob' to 'research': "
+        + "accessId 'research$bob' already exists!\n", true);
+
+    // Attempt to assign the user to the tenant with a custom accessId
     executeHA(tenantShell, new String[] {
         "user", "assign", "bob", "--tenant=research",
         "--accessId=research$bob42"});
     checkOutput(out, "", false);
+    // HDDS-6366: Disallow specifying custom accessId.
+    checkOutput(err, "Failed to assign 'bob' to 'research': "
+        + "Invalid accessId 'research$bob42'. "
+        + "Specifying a custom access ID disallowed. "
+        + "Expected accessId to be assigned is 'research$bob'\n", true);
+    /*  Once HDDS-6366 is lifted, the following check should be used instead
     checkOutput(err, "Failed to assign 'bob' to 'research': "
         + "The same user is not allowed to be assigned to the same tenant "
         + "more than once. User 'bob' is already assigned to tenant 'research' "
         + "with accessId 'research$bob'.\n", true);
+    */
 
     executeHA(tenantShell, new String[] {"list"});
     checkOutput(out, "dev\nfinance\nresearch\n", true);
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManager.java
index bdd8ab755293..5cade68b0137 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManager.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManager.java
@@ -144,6 +144,14 @@ void removeUserAccessIdFromCache(String accessId, String userPrincipal,
    */
   String getUserNameGivenAccessId(String accessId);
 
+  /**
+   * Get the default Access ID string given tenant name and user name.
+   * @param tenantId tenant name
+   * @param userPrincipal user name
+   * @return access ID in the form of tenantName$username
+   */
+  String getDefaultAccessId(String tenantId, String userPrincipal);
+
   /**
    * Given a user, return their S3-Secret Key.
    * @param accessID
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManagerImpl.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManagerImpl.java
index fd2045e1130f..e7ff4381c582 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManagerImpl.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMMultiTenantManagerImpl.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.ozone.om;
 
+import static org.apache.hadoop.ozone.OzoneConsts.TENANT_ID_USERNAME_DELIMITER;
 import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.INVALID_ACCESS_ID;
 import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TENANT_AUTHORIZER_ERROR;
 import static org.apache.hadoop.ozone.om.multitenant.AccessPolicy.AccessGrantType.ALLOW;
@@ -355,6 +356,10 @@ public String getUserNameGivenAccessId(String accessId) {
     return null;
   }
 
+  public String getDefaultAccessId(String tenantId, String userPrincipal) {
+    return tenantId + TENANT_ID_USERNAME_DELIMITER + userPrincipal;
+  }
+
   @Override
   public String getUserSecret(String accessID) throws IOException {
     return "";
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantAssignUserAccessIdRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantAssignUserAccessIdRequest.java
index 69c77ef28462..c96eedc28422 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantAssignUserAccessIdRequest.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantAssignUserAccessIdRequest.java
@@ -138,6 +138,16 @@ public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
           OMException.ResultCodes.INVALID_TENANT_ID);
     }
 
+    // HDDS-6366: Disallow specifying custom accessId.
+    final String expectedAccessId = ozoneManager.getMultiTenantManager()
+        .getDefaultAccessId(tenantId, userPrincipal);
+    if (!accessId.equals(expectedAccessId)) {
+      throw new OMException("Invalid accessId '" + accessId + "'. "
+          + "Specifying a custom access ID disallowed. "
+          + "Expected accessId to be assigned is '" + expectedAccessId + "'",
+          OMException.ResultCodes.INVALID_ACCESS_ID);
+    }
+
     // Check accessId validity.
     if (accessId.contains(SERIALIZATION_SPLIT_KEY)) {
       throw new OMException("Invalid accessId '" + accessId +
diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/security/TestS3GetSecretRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/security/TestS3GetSecretRequest.java
index c4f638f95792..481325449eb4 100644
--- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/security/TestS3GetSecretRequest.java
+++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/security/TestS3GetSecretRequest.java
@@ -359,6 +359,12 @@ public void testGetSecretWithTenant() throws IOException {
 
     // 2. AssignUserToTenantRequest: Assign "bob@EXAMPLE.COM" to "finance".
     ++txLogIndex;
+
+    // Additional mock setup needed for pass accessId check
+    when(ozoneManager.getMultiTenantManager()).thenReturn(omMultiTenantManager);
+    when(omMultiTenantManager.getDefaultAccessId(TENANT_ID, USER_BOB))
+        .thenReturn(ACCESS_ID_BOB);
+
     // Run preExecute
     OMTenantAssignUserAccessIdRequest omTenantAssignUserAccessIdRequest =
         new OMTenantAssignUserAccessIdRequest(