Looks I've clarified the problem:
A resource with scopes won't be permitted if there are no permitted scopes.

This is a strange behavior - if there are no permitted scopes, the resource should still be available, it just doesn't have any additional actions (scopes) permitted.

In support, if you take a resource without scopes, the resource is available (given all resource permissions are permitted). But following the current logic Keycloak handles scopes, the resource shouldn't be available then, since there are no available scopes.

Now, the only solution is to create a dummy scope and always assign it to resources, so that they don't get blocked when no other scopes are available.

I think, this behavior should be changed.
What do you think?