  1. eZ Publish / Platform
  2. EZP-26970

User logged in even if user does not have right to login to this SA


Details

    Description

      Steps to reproduce:

      1. Login to the admin interface;
      2. Create a new user group called "Test";
      3. Create a new Role, also called "Test", with these policies:

      content|read|Section( Standard )
      content|read|Class( File , Image , Banner , Video ) , Section( Media )
      

      4. Assign the "Test" role to the "Test" user group;
      5. Create a new user called "John Smith", with username "jsmith", under the "Test" user group;
      6. Go to a frontend siteaccess (http://example.com/eng) and try to log in as the new user. You will be re-directed to http://example.com/eng/login_check, and a suitable error message will be displayed:

      Oops! An Error Occurred
      The server returned a "403 Forbidden".
      Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.
      

      Note: on "dev" environment, the error message is more informative:

      User 'jsmith' doesn't have user/login permission to SiteAccess 'eng'
      403 Forbidden - AccessDeniedHttpException
      1 linked Exception: UnauthorizedSiteAccessException »
      

      Up to this point, this is the expected behavior.

      7. Then, remove the /login_check from the URL, and you will get the same error instead of displaying the homepage, as would be expected.

          People

            Unassigned
            nuno.oliveira-obsolete@ez.no Nuno Oliveira (Inactive)