diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index aade3e8..53d43ab 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -1213,7 +1213,7 @@ function _node_access_rebuild_batch_operation(&$context) {
     // Initiate multistep processing.
     $context['sandbox']['progress'] = 0;
     $context['sandbox']['current_node'] = 0;
-    $context['sandbox']['max'] = \Drupal::entityQuery('node')->count()->execute();
+    $context['sandbox']['max'] = \Drupal::entityQuery('node')->accessCheck(FALSE)->count()->execute();
   }
 
   // Process the next 20 nodes.
diff --git a/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php b/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php
index d5cca95..d151aad 100644
--- a/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php
+++ b/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php
@@ -2,6 +2,8 @@
 
 namespace Drupal\node\Tests;
 
+use Drupal\node\Entity\NodeType;
+
 /**
  * Ensures that node access rebuild functions work correctly even
  * when other modules implements hook_node_grants().
@@ -11,20 +13,27 @@
 class NodeAccessRebuildNodeGrantsTest extends NodeTestBase {
 
   /**
-   * A user to test the rebuild nodes feature.
+   * A user to create nodes that only it has access to.
    *
    * @var \Drupal\user\UserInterface
    */
   protected $webUser;
 
   /**
+   * A user to test the rebuild nodes feature which can't access the nodes.
+   *
+   * @var \Drupal\user\UserInterface
+   */
+  protected $adminUser;
+
+  /**
    * {@inheritdoc}
    */
   protected function setUp() {
     parent::setUp();
 
-    $admin_user = $this->drupalCreateUser(array('administer site configuration', 'access administration pages', 'access site reports', 'bypass node access'));
-    $this->drupalLogin($admin_user);
+    $this->adminUser = $this->drupalCreateUser(array('administer site configuration', 'access administration pages', 'access site reports'));
+    $this->drupalLogin($this->adminUser);
 
     $this->webUser = $this->drupalCreateUser();
   }
@@ -34,25 +43,54 @@ protected function setUp() {
    */
   public function testNodeAccessRebuildNodeGrants() {
     \Drupal::service('module_installer')->install(['node_access_test']);
+    \Drupal::state()->set('node_access_test.private', TRUE);
+    node_access_test_add_field(NodeType::load('page'));
     $this->resetAll();
 
-    $node = $this->drupalCreateNode(array(
-      'uid' => $this->webUser->id(),
-    ));
-
+    // Create 30 nodes so that _node_access_rebuild_batch_operation() has to run
+    // more than once.
+    for ($i = 0; $i < 30; $i++) {
+      $nodes[] = $this->drupalCreateNode(array(
+        'uid' => $this->webUser->id(),
+        'private' => [['value' => 1]]
+      ));
+    }
+
+    /** @var \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage */
+    $grant_storage = \Drupal::service('node.grant_storage');
     // Default realm access and node records are present.
-    $this->assertTrue(\Drupal::service('node.grant_storage')->access($node, 'view', $this->webUser), 'The expected node access records are present');
+    foreach ($nodes as $node) {
+      $this->assertTrue($node->private->value);
+      $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the node author.');
+      $this->assertTrue($grant_storage->access($node, 'view', $this->adminUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the admin user.');
+    }
+
     $this->assertEqual(1, \Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is an all realm access record');
     $this->assertTrue(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
 
     // Rebuild permissions.
-    $this->drupalGet('admin/reports/status/rebuild');
+    $this->drupalGet('admin/reports/status');
+    $this->clickLink(t('Rebuild permissions'));
     $this->drupalPostForm(NULL, array(), t('Rebuild permissions'));
     $this->assertText(t('The content access permissions have been rebuilt.'));
 
-    // Test if the rebuild has been successful.
+    // Test if the rebuild by user that cannot bypass node access and does not
+    // have access to the nodes has been successful.
+    $this->assertFalse($this->adminUser->hasPermission('bypass node access'));
     $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
-    $this->assertTrue(\Drupal::service('node.grant_storage')->access($node, 'view', $this->webUser), 'The expected node access records are present');
+    foreach ($nodes as $node) {
+      $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
+      $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
+    }
+    $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
+
+    // Test an anonymous node access rebuild from code.
+    $this->drupalLogout();
+    node_access_rebuild();
+    foreach ($nodes as $node) {
+      $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
+      $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
+    }
     $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
   }
 
diff --git a/core/modules/node/src/Tests/NodeAccessRebuildTest.php b/core/modules/node/src/Tests/NodeAccessRebuildTest.php
deleted file mode 100644
index 187f3a0..0000000
--- a/core/modules/node/src/Tests/NodeAccessRebuildTest.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-namespace Drupal\node\Tests;
-
-/**
- * Ensures that node access rebuild functions work correctly.
- *
- * @group node
- */
-class NodeAccessRebuildTest extends NodeTestBase {
-  /**
-   * A normal authenticated user.
-   *
-   * @var \Drupal\user\UserInterface
-   */
-  protected $webUser;
-
-  protected function setUp() {
-    parent::setUp();
-
-    $web_user = $this->drupalCreateUser(array('administer site configuration', 'access administration pages', 'access site reports'));
-    $this->drupalLogin($web_user);
-    $this->webUser = $web_user;
-  }
-
-  /**
-   * Tests rebuilding the node access permissions table.
-   */
-  function testNodeAccessRebuild() {
-    $this->drupalGet('admin/reports/status');
-    $this->clickLink(t('Rebuild permissions'));
-    $this->drupalPostForm(NULL, array(), t('Rebuild permissions'));
-    $this->assertText(t('Content permissions have been rebuilt.'));
-  }
-
-}