There is probably a couple of way to reproduce this issue, and it is very difficult to define one clearly at the moment.
The net result is denial of access to a user in a group that should have access to a given entity.
The simplest test case I had currently is:
1) put a user in a group
2) give access to that group on a new space.
Starting with an empty cache...
The user does not receive appropriate access at space level when access is checked against the space WebHome.
The user does not receive appropriate access at page level for WebHome when access is checked against any other page in the space
I strongly suspect this to be a regression introduced by
XWIKI-11877, but I can't imagine how it goes through all existing tests.