diff --git a/core/modules/user/src/Access/PermissionAccessCheck.php b/core/modules/user/src/Access/PermissionAccessCheck.php
index 2672a4e..84b9865 100644
--- a/core/modules/user/src/Access/PermissionAccessCheck.php
+++ b/core/modules/user/src/Access/PermissionAccessCheck.php
@@ -29,6 +29,27 @@ class PermissionAccessCheck implements AccessInterface {
    */
   public function access(Route $route, AccountInterface $account) {
     $permission = $route->getRequirement('_permission');
-    return $account->hasPermission($permission) ? static::ALLOW : static::DENY;
+    // Separate for matching ANY checks.
+    $split = explode(',', $permission);
+    if (count($split) > 1) {
+      $access = FALSE;
+      foreach ($split as $permission) {
+        if ($account->hasPermission($permission) === TRUE) {
+          $access = TRUE;
+          break;
+        }
+      }
+      return $access ? static::ALLOW : static::DENY;
+    }
+    else {
+      // Separate for matching ALL checks.
+      $split = explode('+', $permission);
+      $access = TRUE;
+      foreach ($split as $permission) {
+        $access &= $account->hasPermission($permission);
+      }
+      return $access ? static::ALLOW : static::DENY;
+    }
   }
+
 }
diff --git a/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php b/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php
new file mode 100644
index 0000000..3c58e90
--- /dev/null
+++ b/core/modules/user/tests/src/Unit/PermissionAccessCheckTest.php
@@ -0,0 +1,74 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Tests\user\Unit\PermissionAccessCheckTest.
+ */
+
+namespace Drupal\Tests\user\Unit;
+
+use Drupal\Core\Access\AccessCheckInterface;
+use Drupal\Tests\UnitTestCase;
+use Drupal\user\Access\PermissionAccessCheck;
+use Symfony\Component\Routing\Route;
+
+/**
+ * @coversDefaultClass \Drupal\user\Access\PermissionAccessCheck
+ * @group Routing
+ */
+class PermissionAccessCheckTest extends UnitTestCase {
+
+  /**
+   * The tested access checker.
+   *
+   * @var \Drupal\user\Access\PermissionAccessCheck
+   */
+  public $accessCheck;
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp() {
+    parent::setUp();
+
+    $this->accessCheck = new PermissionAccessCheck();
+  }
+
+  /**
+   * Provides data for the testAccess method.
+   *
+   * @return array
+   */
+  public function providerTestAccess() {
+    return [
+      [[], AccessCheckInterface::DENY],
+      [['_permission' => 'allowed'], AccessCheckInterface::ALLOW],
+      [['_permission' => 'denied'], AccessCheckInterface::DENY],
+      [['_permission' => 'allowed,denied'], AccessCheckInterface::ALLOW],
+      [['_permission' => 'allowed,denied,other'], AccessCheckInterface::ALLOW],
+      [['_permission' => 'allowed+denied'], AccessCheckInterface::DENY],
+    ];
+  }
+
+  /**
+   * Tests the access check method.
+   *
+   * @dataProvider providerTestAccess
+   * @covers ::access
+   */
+  public function testAccess($requirements, $access) {
+    $user = $this->getMock('Drupal\Core\Session\AccountInterface');
+    $user->expects($this->any())
+      ->method('hasPermission')
+      ->will($this->returnValueMap([
+          ['allowed', TRUE],
+          ['denied', FALSE],
+          ['other', FALSE]
+        ]
+      ));
+    $route = new Route('', [], $requirements);
+
+    $this->assertEquals($access, $this->accessCheck->access($route, $user));
+  }
+
+}
diff --git a/core/modules/user/user.services.yml b/core/modules/user/user.services.yml
index 7ffcc65..c2f48d9 100644
--- a/core/modules/user/user.services.yml
+++ b/core/modules/user/user.services.yml
@@ -1,6 +1,7 @@
 services:
   access_check.permission:
     class: Drupal\user\Access\PermissionAccessCheck
+    arguments: ['@current_user']
     tags:
       - { name: access_check, applies_to: _permission }
   access_check.user.register: