diff --cc core/modules/user/src/Access/PermissionAccessCheck.php
index 15752de,84b9865..0000000
--- a/core/modules/user/src/Access/PermissionAccessCheck.php
+++ b/core/modules/user/src/Access/PermissionAccessCheck.php
@@@ -30,6 -29,27 +30,27 @@@ class PermissionAccessCheck implements 
     */
    public function access(Route $route, AccountInterface $account) {
      $permission = $route->getRequirement('_permission');
-     return AccessResult::allowedIfHasPermission($account, $permission);
+     // Separate for matching ANY checks.
+     $split = explode(',', $permission);
+     if (count($split) > 1) {
+       $access = FALSE;
+       foreach ($split as $permission) {
+         if ($account->hasPermission($permission) === TRUE) {
+           $access = TRUE;
+           break;
+         }
+       }
 -      return $access ? static::ALLOW : static::DENY;
++      return AccessResult::allowedIf($access);
+     }
+     else {
+       // Separate for matching ALL checks.
+       $split = explode('+', $permission);
+       $access = TRUE;
+       foreach ($split as $permission) {
+         $access &= $account->hasPermission($permission);
+       }
 -      return $access ? static::ALLOW : static::DENY;
++      return AccessResult::allowedIf($access);
+     }
    }
+ 
  }
diff --git a/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php b/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php
index 3c58e90..09683ec 100644
--- a/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php
+++ b/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php
@@ -8,6 +8,7 @@
 namespace Drupal\Tests\user\Unit;
 
 use Drupal\Core\Access\AccessCheckInterface;
+use Drupal\Core\Access\AccessResult;
 use Drupal\Tests\UnitTestCase;
 use Drupal\user\Access\PermissionAccessCheck;
 use Symfony\Component\Routing\Route;
@@ -41,12 +42,12 @@ protected function setUp() {
    */
   public function providerTestAccess() {
     return [
-      [[], AccessCheckInterface::DENY],
-      [['_permission' => 'allowed'], AccessCheckInterface::ALLOW],
-      [['_permission' => 'denied'], AccessCheckInterface::DENY],
-      [['_permission' => 'allowed,denied'], AccessCheckInterface::ALLOW],
-      [['_permission' => 'allowed,denied,other'], AccessCheckInterface::ALLOW],
-      [['_permission' => 'allowed+denied'], AccessCheckInterface::DENY],
+      [[], AccessResult::allowedIf(FALSE)],
+      [['_permission' => 'allowed'], AccessResult::allowedIf(TRUE)],
+      [['_permission' => 'denied'], AccessResult::allowedIf(FALSE)],
+      [['_permission' => 'allowed,denied'], AccessResult::allowedIf(TRUE)],
+      [['_permission' => 'allowed,denied,other'], AccessResult::allowedIf(TRUE)],
+      [['_permission' => 'allowed+denied'], AccessResult::allowedIf(FALSE)],
     ];
   }
 
diff --git a/core/modules/user/user.services.yml b/core/modules/user/user.services.yml
index c2f48d9..7ffcc65 100644
--- a/core/modules/user/user.services.yml
+++ b/core/modules/user/user.services.yml
@@ -1,7 +1,6 @@
 services:
   access_check.permission:
     class: Drupal\user\Access\PermissionAccessCheck
-    arguments: ['@current_user']
     tags:
       - { name: access_check, applies_to: _permission }
   access_check.user.register: