core/modules/comment/src/CommentAccessControlHandler.php | 12 +++---------
.../EntityResource/Comment/CommentResourceTestBase.php | 16 +++++++++++++---
.../EntityResource/File/FileResourceTestBase.php | 16 ++++++++++------
.../EntityResource/Media/MediaResourceTestBase.php | 5 ++---
4 files changed, 28 insertions(+), 21 deletions(-)
diff --git a/core/modules/comment/src/CommentAccessControlHandler.php b/core/modules/comment/src/CommentAccessControlHandler.php
index 065d413..bcb0fd7 100644
--- a/core/modules/comment/src/CommentAccessControlHandler.php
+++ b/core/modules/comment/src/CommentAccessControlHandler.php
@@ -3,7 +3,6 @@
 namespace Drupal\comment;
 use Drupal\Core\Access\AccessResult;
-use Drupal\Core\Access\AccessResultReasonInterface;
 use Drupal\Core\Entity\EntityAccessControlHandler;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Field\FieldDefinitionInterface;
@@ -37,8 +36,7 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
 switch ($operation) {
 case 'view':
- $access_result = AccessResult::allowedIfHasPermission($account, 'access comments')
- ->andIf(AccessResult::allowedIf($entity->isPublished())->addCacheableDependency($entity))
+ $access_result = AccessResult::allowedIf($account->hasPermission('access comments') && $entity->isPublished())->cachePerPermissions()->addCacheableDependency($entity)
 ->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE));
 if (!$access_result->isAllowed()) {
 $access_result->setReason("The 'access comments' permission is required and the comment must be published.");
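Review bot: In the `'view'` branch the reason is set on the combined result, so a denial that comes from `$entity->getCommentedEntity()->access($operation, $account, TRUE)` is still reported as a missing 'access comments' permission or an unpublished comment. Now that the permission and published checks are folded into one `allowedIf(...)`, consider holding that part in its own variable and setting the reason only when that part is what failed, before chaining `andIf()`. `setReason()` is also called here without the `instanceof AccessResultReasonInterface` guard that the `'update'` branch carried until this commit; whether `andIf()` can return a result without that method is not visible from the hunk. The `if` block closes outside the hunk.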
@@ -47,15 +45,11 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
 return $access_result;
 case 'update':
- $access_result = AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
- if (!$access_result->isAllowed() && $access_result instanceof AccessResultReasonInterface) {
- $access_result->setReason("The 'edit own comments' permission is required, the user needs to be the author and the comment must be published.");
- }
- return $access_result;
+ return AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
 default:
 // No opinion.
- return AccessResult::neutral("The 'administer comments' permission is required.")->cachePerPermissions();
+ return AccessResult::neutral()->cachePerPermissions();
 }
 }
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php
index 25ca463..60e6709 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Comment/CommentResourceTestBase.php
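Review bot: The `'update'` and `default` branches now return results with no reason, and nothing in the handler says that this is intentional or temporary. The REST tests changed in this same commit mark the resulting empty messages with `@todo` links, so a matching comment above the new `return` in `'update'`, for example `// @todo Provide a reason again in https://www.drupal.org/project/drupal/issues/2950125.`, would keep the handler and its tests pointing at the same follow-up. Until then a denied update or delete carries no explanation of which condition failed (ownership, published state or permission), which makes access problems harder to diagnose from the response alone.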
@@ -334,11 +334,11 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
 case 'GET';
 return "The 'access comments' permission is required and the comment must be published.";
 case 'PATCH':
- return "The 'edit own comments' permission is required and the comment must be published.";
+ case 'DELETE':
+ // @todo Update in https://www.drupal.org/project/drupal/issues/2950125.
+ return '';
 case 'POST';
 return "The 'post comments' permission is required.";
- case 'DELETE':
- return "The 'administer comments' permission is required.";
 }
 }
@@ -375,4 +375,14 @@ public function testPostSkipCommentApproval() {
 $this->assertTrue($unserialized->getStatus());
 }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function getExpectedUnauthorizedEntityAccessCacheability($is_authenticated) {
+ // @see \Drupal\comment\CommentAccessControlHandler::checkAccess()
+ return parent::getExpectedUnauthorizedEntityAccessCacheability($is_authenticated)
+ ->addCacheTags(['comment:1']);
+ }
+
 }
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
index 1fa5a38..262eb6e 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/File/FileResourceTestBase.php
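Review bot: `case 'PATCH':` now falls through to `case 'DELETE':` and both expect `''`, so this test no longer pins which access condition denied the request; any denial that carries an empty message passes. The same weakening appears in the FileResourceTestBase and MediaResourceTestBase hunks of this commit. The `@todo` only says "Update"; it would help to state what the assertion should become, for example `// @todo Assert a specific reason for PATCH and DELETE in https://www.drupal.org/project/drupal/issues/2950125.`, so the reduced coverage is visible to whoever picks up the follow-up.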
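Review bot: `->addCacheTags(['comment:1'])` hard-codes the ID of the fixture comment, and the `@see` line does not say which part of `checkAccess()` makes the tag appear on unauthorized responses. From the handler hunk in this commit it appears to be the `addCacheableDependency($entity)` call on the merged `allowedIf(...)`; a comment such as `// Denied results carry the comment's cache tag because checkAccess() adds the comment as a cacheable dependency.` would make that explicit. If the test base exposes the created comment, deriving the tag from that entity rather than the literal would keep the expectation valid when the fixture changes.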
@@ -213,16 +213,20 @@ public function testPost() {
 */
 protected function getExpectedUnauthorizedAccessMessage($method) {
 if ($this->config('rest.settings')->get('bc_entity_resource_permissions')) {
+ // @todo Update in https://www.drupal.org/project/drupal/issues/2950127.
+ if ($method === 'DELETE') {
+ return '';
+ }
 return parent::getExpectedUnauthorizedAccessMessage($method);
 }
- if ($method === 'GET') {
- return "The 'access content' permission is required.";
- }
- if ($method === 'PATCH') {
- return 'You are not authorized to update this file entity.';
+ switch ($method) {
+ case 'GET':
+ return "The 'access content' permission is required.";
+ default:
+ // @todo Update in https://www.drupal.org/project/drupal/issues/2950127.
+ return '';
 }
- return parent::getExpectedUnauthorizedAccessMessage($method);
 }
 }
diff --git a/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php b/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
index 000014a..a883999 100644
--- a/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/EntityResource/Media/MediaResourceTestBase.php
@@ -246,10 +246,9 @@ protected function getExpectedUnauthorizedAccessMessage($method) {
 return "The 'view media' permission is required and the media item must be published.";
 case 'PATCH':
- return "As a non-owner of this media item, the 'update any media' permission is required; as an owner of this media, the 'update media' permission is required.";
 case 'DELETE':
- return "As a non-owner of this media item, the 'delete any media' permission is required; as an owner of this media, the 'delete media' permission is required.";
+ // @todo Update in https://www.drupal.org/project/drupal/issues/2950129.
+ return '';
 default:
 return parent::getExpectedUnauthorizedAccessMessage($method);
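Review bot: The new `default:` branch in the FileResourceTestBase hunk returns `''` for every method other than GET, whereas the removed code handled only GET and PATCH itself and passed everything else to `parent::getExpectedUnauthorizedAccessMessage($method)`. That changes the expectation for any other method that reaches this code, POST for example, and not only for the methods the follow-up issue appears to cover. Naming them explicitly with `case 'PATCH':` and `case 'DELETE':` above the `@todo`, and keeping `default: return parent::getExpectedUnauthorizedAccessMessage($method);`, would limit the empty message to those two.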