diff --git a/packages/server/src/api/controllers/row/index.ts b/packages/server/src/api/controllers/row/index.ts
index f0f2462019..6e0a6d979e 100644
--- a/packages/server/src/api/controllers/row/index.ts
+++ b/packages/server/src/api/controllers/row/index.ts
@@ -72,6 +72,11 @@ export const save = async (ctx: UserCtx) => {
 const tableId = utils.getTableId(ctx)
 const body = ctx.request.body
+ // user metadata doesn't exist yet - don't allow creation
+ if (utils.isUserMetadataTable(tableId) && !body._rev) {
+ ctx.throw(400, "Cannot create new user entry.")
+ }
+
 // if it has an ID already then its a patch
 if (body && body._id) {
 return patch(ctx as UserCtx)
diff --git a/packages/server/src/api/controllers/row/utils.ts b/packages/server/src/api/controllers/row/utils.ts
index 2a94169012..5f10fd9ad4 100644
--- a/packages/server/src/api/controllers/row/utils.ts
+++ b/packages/server/src/api/controllers/row/utils.ts
@@ -146,3 +146,36 @@ export async function validate({
 }
 return { valid: Object.keys(errors).length === 0, errors }
 }
+
+// don't do a pure falsy check, as 0 is included
+// https://github.com/Budibase/budibase/issues/10118
+export function removeEmptyFilters(filters: SearchFilters) {
+ for (let filterField of NoEmptyFilterStrings) {
+ if (!filters[filterField]) {
+ continue
+ }
+
+ for (let filterType of Object.keys(filters)) {
+ if (filterType !== filterField) {
+ continue
+ }
+ // don't know which one we're checking, type could be anything
+ const value = filters[filterType] as unknown
+ if (typeof value === "object") {
+ for (let [key, value] of Object.entries(
+ filters[filterType] as object
+ )) {
+ if (value == null || value === "") {
+ // @ts-ignore
+ delete filters[filterField][key]
+ }
+ }
+ }
+ }
+ }
+ return filters
+}
+
+export function isUserMetadataTable(tableId: string) {
+ return tableId === InternalTables.USER_METADATA
+}
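Review bot: The new guard in `save` infers whether a user-metadata row already exists from `!body._rev`, a field taken straight from the request body, so a body that carries any `_rev` value but no `_id` passes the guard and continues to the create path below. Whether that later write is rejected depends on code outside this hunk, so the guard should not rely on it. Placing the check after the `if (body && body._id)` patch branch and dropping the `_rev` test, `if (utils.isUserMetadataTable(tableId)) { ctx.throw(400, "Cannot create new user entry.") }`, would reject everything that reaches the create path for this table. The guard also reads `body._rev` before the `body &&` null check on the following lines, so a missing body would surface as a TypeError rather than the intended 400. `save` starts above the hunk and continues past it.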
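Review bot: In `removeEmptyFilters` the inner `for (let filterType of Object.keys(filters))` loop only acts when `filterType === filterField`, which the `!filters[filterField]` check above has already established, so it can be replaced by reading `filters[filterField]` once. The destructured `value` in the `Object.entries` loop also shadows the outer `const value`, and the bare `// @ts-ignore` hides whatever type error the `delete` raises; `// @ts-expect-error` with a stated reason would at least fail once the error goes away. The header comment about not doing a pure falsy check describes the `value == null || value === ""` test, so it reads better next to that line, with a doc comment on the function stating that it mutates and returns the `filters` argument.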
diff --git a/packages/server/src/api/routes/tests/row.spec.ts b/packages/server/src/api/routes/tests/row.spec.ts
index a74a9f7960..6a021460ac 100644
--- a/packages/server/src/api/routes/tests/row.spec.ts
+++ b/packages/server/src/api/routes/tests/row.spec.ts
@@ -3,7 +3,7 @@ import { databaseTestProviders } from "../../../integrations/tests/utils"
 import tk from "timekeeper"
 import { outputProcessing } from "../../../utilities/rowProcessor"
 import * as setup from "./utilities"
-import { context, roles, tenancy } from "@budibase/backend-core"
+import { context, InternalTable, roles, tenancy } from "@budibase/backend-core"
 import { quotas } from "@budibase/pro"
 import {
 FieldType,
@@ -1415,6 +1415,23 @@ describe.each([
 })
 })
+ isInternal &&
+ it("doesn't allow creating in user table", async () => {
+ const userTableId = InternalTable.USER_METADATA
+ const response = await config.api.row.save(
+ userTableId,
+ {
+ tableId: userTableId,
+ firstName: "Joe",
+ lastName: "Joe",
+ email: "joe@joe.com",
+ roles: {},
+ },
+ { expectStatus: 400 }
+ )
+ expect(response.message).toBe("Cannot create new user entry.")
+ })
+
 describe("permissions", () => {
 let viewId: string
 let tableId: string
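Review bot: The added test covers only a body with neither `_id` nor `_rev`, while the guard it exercises branches on `_rev`; no case pins the response when `_rev` is present without `_id`, and none confirms that updating an existing user row still succeeds. Adding both as sibling `it` blocks under the same `isInternal &&` condition would keep the rule from regressing silently. The test also uses `InternalTable.USER_METADATA` from `@budibase/backend-core`, whereas `isUserMetadataTable` compares against `InternalTables.USER_METADATA`; presumably both hold the same id, but a shared constant or a short comment such as `// same id as InternalTables.USER_METADATA in the server package` would make that explicit. The enclosing `describe.each` starts above the hunk.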