diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php
index 50d4757..6edb4e9 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Shortcut/ShortcutResourceTestBase.php
@@ -39,12 +39,10 @@
   protected function setUpAuthorization($method) {
     switch ($method) {
       case 'GET':
-        $this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
-        break;
       case 'POST':
       case 'PATCH':
       case 'DELETE':
-        $this->grantPermissionsToTestedRole(['administer shortcuts']);
+        $this->grantPermissionsToTestedRole(['access shortcuts', 'customize shortcut links']);
         break;
     }
   }
@@ -151,7 +149,7 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
       case 'POST':
       case 'PATCH':
       case 'DELETE':
-        return "The 'access shortcuts, customize shortcut links' permissions is required.";
+        return "The 'access shortcuts' AND 'customize shortcut links' permissions is required.";
       default:
         return parent::getExpectedUnauthorizedAccessMessage($method);
     }
diff --git a/core/modules/shortcut/shortcut.module b/core/modules/shortcut/shortcut.module
index 037feca..1d503f6 100644
--- a/core/modules/shortcut/shortcut.module
+++ b/core/modules/shortcut/shortcut.module
@@ -65,8 +65,8 @@ function shortcut_set_edit_access(ShortcutSetInterface $shortcut_set = NULL) {
   // Sufficiently-privileged users can edit their currently displayed shortcut
   // set, but not other sets. They must also be able to access shortcuts.
   $may_edit_current_shortcut_set = $account->hasPermission('customize shortcut links') && (!isset($shortcut_set) || $shortcut_set == shortcut_current_displayed_set()) && $account->hasPermission('access shortcuts');
-  if (!$may_edit_current_shortcut_set) {    
-    return AccessResult::neutral("The 'access shortcuts, customize shortcut links' permissions is required.")->cachePerPermissions();
+  if (!$may_edit_current_shortcut_set) {
+    return AccessResult::neutral("The 'access shortcuts' AND 'customize shortcut links' permissions is required.")->cachePerPermissions();
   }
   return AccessResult::allowed()->cachePerPermissions();
 }