So it looks like this mostly worked, except I had to "modify data access profile and skip to finish and apply before the access would take affect.
As much as I can tell, I could also run the following to accomplish the missing piece.
EXEC up_ParseUserProfile @UserID
EXEC up_ParseAcsTable @ProfileID
EXEC up_ManageSecurityFunction
EXEC up_ParseAppAccessTable N'', 0
...I'm just not entirely sure what these stored procedures do, and if it's safe to force it through the back-end like this.
If anyone could fill in the missing pieces...