How are they 'restricted'? If, for example, a project's permission scheme has "jira-users" allowed to create issues, then generally all users will be able to do so. In summary:
1) For each project that the user shouldn't see, review the permission scheme. If grants are made to explicit groups that shouldn't have access, remove them.
2) Where the create permission is granted to a project role, check the project's role. If the role includes groups it should not, remove them.
If neither of those are the case, then the user must be in a group the user should not be in. At that point, check the user's group membership and map it back to the explicit grants and/or role members. That applies to the user as well, but it seems unlikely that the specific user will be granted explicit access.
Issue Security
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.