diff -u b/core/includes/update.inc b/core/includes/update.inc
--- b/core/includes/update.inc
+++ b/core/includes/update.inc
@@ -1615,8 +1615,8 @@
   $role_names = Drupal::service('config.storage')->listAll($prefix);
   foreach ($role_names as $role_name) {
     $rid = substr($role_name, $cut);
-    $config = Drupal::config("user.permission.$rid");
-    $permissions = $config->get();
+    $config = Drupal::config("user.role.$rid");
+    $permissions = $config->get('permissions');
     foreach ($replace as $old_permission => $new_permissions) {
       $key = array_search($old_permission, $permissions);
       if ($key !== FALSE) {
@@ -1625,7 +1625,7 @@
       }
     }
     $config
-      ->setData($permissions)
+      ->set('permissions', $permissions)
       ->save();
   }
 }
diff -u b/core/modules/comment/comment.module b/core/modules/comment/comment.module
--- b/core/modules/comment/comment.module
+++ b/core/modules/comment/comment.module
@@ -1231,9 +1231,9 @@
     // edit could change the security situation so it is not safe to index the
     // comments.
     $index_comments = TRUE;
-    $authenticated_can_access = in_array('access comments', Drupal::config('user.permission.' . DRUPAL_AUTHENTICATED_RID)->get());
+    $authenticated_can_access = in_array('access comments', Drupal::config('user.role.' . DRUPAL_AUTHENTICATED_RID)->get('permissions'));
     foreach (user_roles() as $rid => $role_object) {
-      $permissions = \Drupal::config("user.permission.$rid")->get();
+      $permissions = \Drupal::config("user.role.$rid")->get('permissions');
       if (in_array('search content', $permissions) && !in_array('access comments', $permissions) &&
          ($rid == DRUPAL_AUTHENTICATED_RID || $rid == DRUPAL_ANONYMOUS_RID || !$authenticated_can_access)) {
         $index_comments = FALSE;
diff -u b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php
--- b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php
+++ b/core/modules/node/lib/Drupal/node/Tests/NodeAccessTest.php
@@ -26,7 +26,7 @@
   function setUp() {
     parent::setUp();
     // Clear permissions for authenticated users.
-    $this->container->get('config.factory')->get('user.permission.' . DRUPAL_AUTHENTICATED_RID)->delete();
+    $this->container->get('config.factory')->get('user.role.' . DRUPAL_AUTHENTICATED_RID)->clear('permissions');
   }
 
   /**
diff -u b/core/modules/node/node.views_execution.inc b/core/modules/node/node.views_execution.inc
--- b/core/modules/node/node.views_execution.inc
+++ b/core/modules/node/node.views_execution.inc
@@ -30,8 +30,8 @@
         // check for no access control
         $access = $display->getOption('access');
         if (empty($access['type']) || $access['type'] == 'none') {
-          $anonymous_has_access = in_array('access content', Drupal::config('user.permission.' . DRUPAL_ANONYMOUS_RID)->get());
-          $authenticated_has_access = in_array('access content', Drupal::config('user.permission.' . DRUPAL_AUTHENTICATED_RID)->get());
+          $anonymous_has_access = in_array('access content', Drupal::config('user.role.' . DRUPAL_ANONYMOUS_RID)->get('permissions'));
+          $authenticated_has_access = in_array('access content', Drupal::config('user.role.' . DRUPAL_AUTHENTICATED_RID)->get('permissions'));
           if (!$anonymous_has_access || !$authenticated_has_access) {
             $ret[] = Analyzer::formatMessage(t('Some roles lack permission to access content, but display %display has no access control.', array('%display' => $display->display['display_title'])), 'warning');
           }
diff -u b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
--- b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
@@ -551,7 +551,7 @@
       // Grant the specified permissions to the role, if any.
       if (!empty($permissions)) {
         user_role_grant_permissions($role->id(), $permissions);
-        $assigned_permissions = $this->container->get('config.factory')->get('user.permission.' . $role->id())->get();
+        $assigned_permissions = $this->container->get('config.factory')->get('user.role.' . $role->id())->get('permissions');
         $missing_permissions = array_diff($permissions, $assigned_permissions);
         if (!$missing_permissions) {
           $this->pass(t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role'));
diff -u b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php
--- b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php
+++ b/core/modules/user/lib/Drupal/user/Plugin/views/field/Permissions.php
@@ -50,7 +50,7 @@
       $query->condition('u.uid', $uids);
       $result = $query->execute();
       foreach ($result as $row) {
-        foreach (\Drupal::config("user.permission.$row->rid")->get() as $permission) {
+        foreach (\Drupal::config("user.role.$row->rid")->get('permissions') as $permission) {
           $this->items[$row->uid][$permission]['permission'] = $permission_names[$permission]['title'];
         }
       }
diff -u b/core/modules/user/lib/Drupal/user/RoleStorageController.php b/core/modules/user/lib/Drupal/user/RoleStorageController.php
--- b/core/modules/user/lib/Drupal/user/RoleStorageController.php
+++ b/core/modules/user/lib/Drupal/user/RoleStorageController.php
@@ -55,15 +55,9 @@
    * {@inheritdoc}
    */
   protected function postDelete($entities) {
-    $rids = array_keys($entities);
-
-    // Delete permission assignments.
-    foreach ($rids as $rid) {
-      \Drupal::config("user.permission.$rid")->delete();
-    }
     // Remove the role from all users.
     db_delete('users_roles')
-      ->condition('rid', $rids)
+      ->condition('rid', array_keys($entities))
       ->execute();
   }
 
diff -u b/core/modules/user/user.install b/core/modules/user/user.install
--- b/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -1027,8 +1027,8 @@
     $new_permissions[_user_update_map_rid($permission->rid)][] = $permission->permission;
   }
   foreach ($new_permissions as $rid => $permissions) {
-    config("user.permission.$rid")
-      ->setData($permissions)
+    config("user.role.$rid")
+      ->set('permissions', $permissions)
       ->save();
   }
 }
diff -u b/core/modules/user/user.module b/core/modules/user/user.module
--- b/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -425,7 +425,7 @@
   $role_permissions = array();
   foreach ($roles as $rid => $name) {
     $role_permissions[$rid] = array();
-    foreach (Drupal::config("user.permission.$rid")->get() as $permission) {
+    foreach (Drupal::config("user.role.$rid")->get('permissions') as $permission) {
       $role_permissions[$rid][$permission] = TRUE;
     }
   }
@@ -1809,12 +1809,12 @@
   }
 
   if (!empty($permission)) {
-    foreach ($roles as $rid => $role_object) {
-      $permissions = Drupal::config("user.permission.$rid")->get();
-      if (!in_array($permission, $permissions)) {
-        unset($roles[$rid]);
-      }
-    }
+    $result = db_select('role_permission', 'p')
+      ->fields('p', array('rid'))
+      ->condition('p.rid', array_keys($roles))
+      ->condition('p.permission', $permission)
+      ->execute()->fetchCol();
+    $roles = array_intersect_key($roles, array_flip($result));
   }
 
   if (empty($permission)) {
@@ -1848,12 +1848,11 @@
   }
 
   if (!empty($permission)) {
-    $result = db_select('role_permission', 'p')
-      ->fields('p', array('rid'))
-      ->condition('p.rid', array_keys($roles))
-      ->condition('p.permission', $permission)
-      ->execute()->fetchCol();
-    $roles = array_intersect_key($roles, array_flip($result));
+    foreach ($roles as $rid => $role_object) {
+      if (!in_array($permission, $role_object->permissions)) {
+        unset($roles[$rid]);
+      }
+    }
   }
 
   if (empty($permission)) {
@@ -1921,23 +1920,23 @@
  * @see user_role_revoke_permissions()
  */
 function user_role_grant_permissions($rid, array $permissions = array()) {
-  // Grant new permissions for the role.
-  $config = Drupal::config("user.permission.$rid");
-  $old_permissions = $config->get();
-  $new_permissions = array_unique(array_merge($old_permissions, $permissions));
-  $config
-    ->setData($new_permissions)
-    ->save();
-
   $modules = user_permission_get_modules();
-  $config = Drupal::config('user.module.permission');
-  foreach ($modules as $permission => $module) {
-    $config->set("$module.$permission", TRUE);
+  // Grant new permissions for the role.
+  foreach ($permissions as $name) {
+    db_merge('role_permission')
+      ->key(array(
+        'rid' => $rid,
+        'permission' => $name,
+      ))
+      ->fields(array(
+        'module' => $modules[$name],
+      ))
+      ->execute();
   }
-  $config->save();
 
   // Clear the user access cache.
   drupal_static_reset('user_access');
+  drupal_static_reset('user_role_permissions');
 }
 
 /**
@@ -1960,23 +1959,23 @@
  * @see user_role_revoke_permissions()
  */
 function user_role_grant_permissions($rid, array $permissions = array()) {
-  $modules = user_permission_get_modules();
   // Grant new permissions for the role.
-  foreach ($permissions as $name) {
-    db_merge('role_permission')
-      ->key(array(
-        'rid' => $rid,
-        'permission' => $name,
-      ))
-      ->fields(array(
-        'module' => $modules[$name],
-      ))
-      ->execute();
+  $config = Drupal::config("user.role.$rid");
+  $old_permissions = $config->get('permissions');
+  $new_permissions = array_unique(array_merge($old_permissions, $permissions));
+  $config
+    ->set('permissions', $new_permissions)
+    ->save();
+
+  $modules = user_permission_get_modules();
+  $config = Drupal::config('user.module.permission');
+  foreach ($modules as $permission => $module) {
+    $config->set("$module.$permission", TRUE);
   }
+  $config->save();
 
   // Clear the user access cache.
   drupal_static_reset('user_access');
-  drupal_static_reset('user_role_permissions');
 }
 
 /**
@@ -1992,11 +1991,11 @@
  */
 function user_role_revoke_permissions($rid, array $permissions = array()) {
   // Revoke permissions for the role.
-  $config = config("user.permission.$rid");
-  $old_permissions = $config->get();
+  $config = config("user.role.$rid");
+  $old_permissions = $config->get('permissions');
   $new_permissions = array_diff($old_permissions, $permissions);
   $config
-    ->setData($new_permissions)
+    ->set('permissions', $new_permissions)
     ->save();
   // Clear the user access cache.
   drupal_static_reset('user_access');
@@ -2624,10 +2623,11 @@
   if ($permissions_to_remove) {
     $permissions_to_remove = array_keys($permissions_to_remove);
     foreach (user_roles() as $rid => $role_object) {
-      $config = Drupal::config("user.permission.$rid");
-      $permissions = $config->get();
+      $config = Drupal::config("user.role.$rid");
+      $permissions = $config->get('permissions');
+      $new_permissions = array_diff($permissions, $permissions_to_remove);
       $config
-        ->setData(array_diff($permissions, $permissions_to_remove))
+        ->set('permissions', $new_permissions)
         ->save();
     }
   }