diff --git a/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php b/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php
index d5cca95..d151aad 100644
--- a/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php
+++ b/core/modules/node/src/Tests/NodeAccessRebuildNodeGrantsTest.php
@@ -2,6 +2,8 @@
 
 namespace Drupal\node\Tests;
 
+use Drupal\node\Entity\NodeType;
+
 /**
  * Ensures that node access rebuild functions work correctly even
  * when other modules implements hook_node_grants().
@@ -11,20 +13,27 @@
 class NodeAccessRebuildNodeGrantsTest extends NodeTestBase {
 
   /**
-   * A user to test the rebuild nodes feature.
+   * A user to create nodes that only it has access to.
    *
    * @var \Drupal\user\UserInterface
    */
   protected $webUser;
 
   /**
+   * A user to test the rebuild nodes feature which can't access the nodes.
+   *
+   * @var \Drupal\user\UserInterface
+   */
+  protected $adminUser;
+
+  /**
    * {@inheritdoc}
    */
   protected function setUp() {
     parent::setUp();
 
-    $admin_user = $this->drupalCreateUser(array('administer site configuration', 'access administration pages', 'access site reports', 'bypass node access'));
-    $this->drupalLogin($admin_user);
+    $this->adminUser = $this->drupalCreateUser(array('administer site configuration', 'access administration pages', 'access site reports'));
+    $this->drupalLogin($this->adminUser);
 
     $this->webUser = $this->drupalCreateUser();
   }
@@ -34,25 +43,54 @@ protected function setUp() {
    */
   public function testNodeAccessRebuildNodeGrants() {
     \Drupal::service('module_installer')->install(['node_access_test']);
+    \Drupal::state()->set('node_access_test.private', TRUE);
+    node_access_test_add_field(NodeType::load('page'));
     $this->resetAll();
 
-    $node = $this->drupalCreateNode(array(
-      'uid' => $this->webUser->id(),
-    ));
-
+    // Create 30 nodes so that _node_access_rebuild_batch_operation() has to run
+    // more than once.
+    for ($i = 0; $i < 30; $i++) {
+      $nodes[] = $this->drupalCreateNode(array(
+        'uid' => $this->webUser->id(),
+        'private' => [['value' => 1]]
+      ));
+    }
+
+    /** @var \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage */
+    $grant_storage = \Drupal::service('node.grant_storage');
     // Default realm access and node records are present.
-    $this->assertTrue(\Drupal::service('node.grant_storage')->access($node, 'view', $this->webUser), 'The expected node access records are present');
+    foreach ($nodes as $node) {
+      $this->assertTrue($node->private->value);
+      $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the node author.');
+      $this->assertTrue($grant_storage->access($node, 'view', $this->adminUser)->isAllowed(), 'Prior to rebuilding node access the grant storage returns allowed for the admin user.');
+    }
+
     $this->assertEqual(1, \Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is an all realm access record');
     $this->assertTrue(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions need to be rebuilt');
 
     // Rebuild permissions.
-    $this->drupalGet('admin/reports/status/rebuild');
+    $this->drupalGet('admin/reports/status');
+    $this->clickLink(t('Rebuild permissions'));
     $this->drupalPostForm(NULL, array(), t('Rebuild permissions'));
     $this->assertText(t('The content access permissions have been rebuilt.'));
 
-    // Test if the rebuild has been successful.
+    // Test if the rebuild by user that cannot bypass node access and does not
+    // have access to the nodes has been successful.
+    $this->assertFalse($this->adminUser->hasPermission('bypass node access'));
     $this->assertNull(\Drupal::state()->get('node.node_access_needs_rebuild'), 'Node access permissions have been rebuilt');
-    $this->assertTrue(\Drupal::service('node.grant_storage')->access($node, 'view', $this->webUser), 'The expected node access records are present');
+    foreach ($nodes as $node) {
+      $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
+      $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
+    }
+    $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
+
+    // Test an anonymous node access rebuild from code.
+    $this->drupalLogout();
+    node_access_rebuild();
+    foreach ($nodes as $node) {
+      $this->assertTrue($grant_storage->access($node, 'view', $this->webUser)->isAllowed(), 'After rebuilding node access the grant storage returns allowed for the node author.');
+      $this->assertFalse($grant_storage->access($node, 'view', $this->adminUser)->isForbidden(), 'After rebuilding node access the grant storage returns forbidden for the admin user.');
+    }
     $this->assertFalse(\Drupal::service('node.grant_storage')->checkAll($this->webUser), 'There is no all realm access record');
   }