projects shown in create issue list but no permissions

Yes, they can. They can't view it after.

The permission "Create issue" is for the role "Users". The role "Users" has a group "jira-users" connected where that person isn't in.

I'm afraid I might have found the issue. Thanks for giving me the direction to this permission.

What I described is for a default permission scheme, but not for the software scheme which is connected. I guess I have to set a completely new scheme for this user in order to set the correct permissions?

Yes, that makes sense, the permissions are not combined.  If you can create an issue, then you'll see the project you can create in, but the ability to see it (or edit, or comment, or attach files, or log work, or or or) is totally separate!

This is a bit counter-intuitive - humans will naturally assume we can see issues we create, but the way it works does have uses.

Anyway, I digress.  For your case, I would like to review the "everyone who can log in has create issue".  It sounds like you have got your "who can view projects" absolutely right for you, so the most obvious advice is to do the same for "create issue" in all your permission schemes.

Thanks for your help. Creating issues was available for everyone. I changed that to the role "User".

The particular user does not have that role by default. In the project I added that User with the role "User". That gives her the permission "create issue" for only that project.

Exactly how we need it. Thanks again.