In a list view, if there are records spanning over multiple pages (or list is configured to show a certain number of records in each page), and the user is viewing those do not have access control to view all, they will only see the records that are allowed for them for each page separately. For all other pages, if they move to the same, access control will evaluate based on the records that are normally on the page and will hide others as per ACL.
The system does not show all records by consolidating and evaluating ACL altogether. As the pagination goes on, records are displayed over each page distinctly. The user has to navigate to the relevant page, to find which record is visible to them.
This behaviour is by design so that it does not impact the performance when executing the query for getting all the records together. By separating the ACL evaluation at each page level, SQL will only consider the records for the page and not all the records together. If it would do so, it would significantly reduce the performance.
Users can create a Before Query Business Rule, so evaluate and retrieve the records that specific users are supposed to view. This could only show the records without the Security constraint message, as it will already be evaluated.