Definitely sounds weird.
--
The application uses a couple of VIEWS to determine whether a user should be able to see a project.
This boils down to checking these two views with the relevant internal ids (5000000 numbers);
SELECT 1 FROM odfsec_project_v v
WHERE v.user_id = <<user id to check>>
SELECT 1 FROM odfsec_project_v2 v2
WHERE v2.object_instance_id = <<project id to check>>
AND v2.user_id = <<user id to check>>
(first view is checking whether the user has a global right, second whether the user has a specific right to that specific project).
For the application to show a user a project, either one of those views should return '1' - if both views return empty then the user does not have the access to see the project.
I use the above logic in an admin portlet to check whether people I think should have access to a project (users named in a custom attribute as a project role), do actually have access to the project that they are named against.
--
HOWEVER, since you say that your one user has a global view right, that alone sounds wrong enough to warrant raising a support call, since I'm not sure anyone on here would be able to help you without access to your system/data.