diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 009a716..a8a1cdb 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -751,6 +751,11 @@ function user_access($string, $account = NULL) {
     return TRUE;
   }
 
+  // If the account has no roles it can't have any permissions
+  if (empty($account->roles)) {
+    return FALSE;
+  }
+
   // To reduce the number of SQL queries, we cache the user's permissions
   // in a static variable.
   // Use the advanced drupal_static() pattern, since this is called very often.