diff --git a/core/modules/simpletest/tests/Drupal/simpletest/Tests/phpunit_error.xml b/core/modules/simpletest/tests/Drupal/simpletest/Tests/phpunit_error.xml
index a8cf4d9..95bde5d 100644
--- a/core/modules/simpletest/tests/Drupal/simpletest/Tests/phpunit_error.xml
+++ b/core/modules/simpletest/tests/Drupal/simpletest/Tests/phpunit_error.xml
@@ -17,22 +17,22 @@ Undefined index: foo
     </testsuite>
     <testsuite name="Drupal\Tests\Core\NestedArrayUnitTest" file="/home/chx/www/system/core/tests/Drupal/Tests/Core/NestedArrayUnitTest.php" namespace="Drupal\Tests\Core" fullPackage="Drupal.Tests.Core" tests="0" assertions="0" failures="0" errors="0" time="0.000000"/>
     <testsuite name="Drupal\breakpoint\Tests\BreakpointMediaQueryTest" file="/home/chx/www/system/core/modules/breakpoint/tests/Drupal/breakpoint/Tests/BreakpointMediaQueryTest.php" namespace="Drupal\breakpoint\Tests" fullPackage="Drupal.breakpoint.Tests" tests="0" assertions="0" failures="0" errors="0" time="0.000000"/>
-    <testsuite name="Drupal\Tests\Core\Route\RouterRoleTest" file="/var/www/d8/core/tests/Drupal/Tests/Core/Route/RouterRoleTest.php" namespace="Drupal\Tests\Core\Route" fullPackage="Drupal.Tests.Core.Route" tests="3" assertions="3" failures="3" errors="0" time="0.009176">
-      <testsuite name="Drupal\Tests\Core\Route\RouterRoleTest::testRoleAccess" tests="3" assertions="3" failures="3" errors="0" time="0.009176">
+    <testsuite name="Drupal\Tests\Core\Route\RoleAccessCheckTest" file="/var/www/d8/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTestkTest.php" namespace="Drupal\Tests\Core\Route" fullPackage="Drupal.Tests.Core.Route" tests="3" assertions="3" failures="3" errors="0" time="0.009176">
+      <testsuite name="Drupal\Tests\Core\Route\RoleAccessCheckTest::testRoleAccess" tests="3" assertions="3" failures="3" errors="0" time="0.009176">
         <testcase name="testRoleAccess with data set #0" assertions="1" time="0.004519">
-          <failure type="PHPUnit_Framework_ExpectationFailedException">Drupal\Tests\Core\Route\RouterRoleTest::testRoleAccess with data set #0 ('role_test_1', array(Drupal\user\Plugin\Core\Entity\User, Drupal\user\Plugin\Core\Entity\User))
+          <failure type="PHPUnit_Framework_ExpectationFailedException">Drupal\Tests\Core\Route\RoleAccessCheckTest::testRoleAccess with data set #0 ('role_test_1', array(Drupal\user\Plugin\Core\Entity\User, Drupal\user\Plugin\Core\Entity\User))
             Access granted for user with the roles role_test_1 on path: role_test_1
             Failed asserting that false is true.
           </failure>
         </testcase>
         <testcase name="testRoleAccess with data set #1" assertions="1" time="0.002354">
-          <failure type="PHPUnit_Framework_ExpectationFailedException">Drupal\Tests\Core\Route\RouterRoleTest::testRoleAccess with data set #1 ('role_test_2', array(Drupal\user\Plugin\Core\Entity\User, Drupal\user\Plugin\Core\Entity\User))
+          <failure type="PHPUnit_Framework_ExpectationFailedException">Drupal\Tests\Core\Route\RoleAccessCheckTest::testRoleAccess with data set #1 ('role_test_2', array(Drupal\user\Plugin\Core\Entity\User, Drupal\user\Plugin\Core\Entity\User))
             Access granted for user with the roles role_test_2 on path: role_test_2
             Failed asserting that false is true.
           </failure>
         </testcase>
         <testcase name="testRoleAccess with data set #2" assertions="1" time="0.002303">
-          <failure type="PHPUnit_Framework_ExpectationFailedException">Drupal\Tests\Core\Route\RouterRoleTest::testRoleAccess with data set #2 ('role_test_3', array(Drupal\user\Plugin\Core\Entity\User))
+          <failure type="PHPUnit_Framework_ExpectationFailedException">Drupal\Tests\Core\Route\RoleAccessCheckTest::testRoleAccess with data set #2 ('role_test_3', array(Drupal\user\Plugin\Core\Entity\User))
             Access granted for user with the roles role_test_1, role_test_2 on path: role_test_3
             Failed asserting that false is true.
           </failure>
diff --git a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php
index e35ca1c..104763d 100644
--- a/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php
+++ b/core/modules/user/lib/Drupal/user/Access/RoleAccessCheck.php
@@ -13,6 +13,10 @@
 
 /**
  * Determines access to routes based on roles.
+ *
+ * You can specify the '_role' key on route requirements. If you specify a
+ * single role, users with that role with have access. If you specify multiple
+ * ones you can conjunct them with AND by using a "+" and with OR by using ",".
  */
 class RoleAccessCheck implements AccessCheckInterface {
 
@@ -29,15 +33,26 @@ public function applies(Route $route) {
   public function access(Route $route, Request $request) {
     // Requirements just allow strings, so this might be a comma separated list.
     $rid_string = $route->getRequirement('_role');
-    $rids = array_map('trim', explode(',', $rid_string));
+
     // @todo Replace the role check with a correctly injected and session-using
     //   alternative.
     $account = $GLOBALS['user'];
 
-    $diff = array_diff(array_filter($rids), array_keys($account->roles));
-    if (empty($diff)) {
-      return TRUE;
+    $explode_and = array_filter(array_map('trim', explode('+', $rid_string)));
+    if (count($explode_and) > 1) {
+      $diff = array_diff($explode_and, array_keys($account->roles));
+      if (empty($diff)) {
+        return TRUE;
+      }
+    }
+    else {
+      $explode_or = array_filter(array_map('trim', explode(',', $rid_string)));
+      $intersection = array_intersect($explode_or, array_keys($account->roles));
+      if (!empty($intersection)) {
+        return TRUE;
+      }
     }
+
     // If there is no allowed role, return NULL to give other checks a chance.
     return NULL;
   }
diff --git a/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php
index a8e4154..2561c55 100644
--- a/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php
+++ b/core/tests/Drupal/Tests/Core/Route/RoleAccessCheckTest.php
@@ -25,6 +25,8 @@
 
 /**
  * Defines tests for role based access in routes.
+ *
+ * @see \Drupal\user\Access\RoleAccessCheck
  */
 class RoleAccessCheckTest extends UnitTestCase {
 
@@ -65,7 +67,15 @@ protected function getTestRouteCollection() {
         '_controller' => '\Drupal\router_test\TestControllers::test1',
       ),
       array(
-        '_role' => 'role_test_1, role_test_2',
+        '_role' => 'role_test_1+role_test_2',
+      )
+    ));
+    $route_collection->add('role_test_4', new Route('/role_test_4',
+      array(
+        '_controller' => '\Drupal\router_test\TestControllers::test1',
+      ),
+      array(
+        '_role' => 'role_test_1,role_test_2',
       )
     ));
 
@@ -101,6 +111,7 @@ public function roleAccessProvider() {
       array('role_test_1', array($account_1, $account_12), array($account_2, $account_none)),
       array('role_test_2', array($account_2, $account_12), array($account_1, $account_none)),
       array('role_test_3', array($account_12), array($account_1, $account_2, $account_none)),
+      array('role_test_4', array($account_1, $account_2, $account_12), array()),
     );
   }