Number of rows removed from this list by Security constraints

Ariel Aharon
Giga Guru

Hi,

I have a Database view and I get this message on all of the featured records.

I set ACL rules to the:

read operation - database view table

read operation - sn_hr_core_case

read operation - metric_instance

 

I can see as sn_hr_core.manager the tables that are joined into the db view, but I get this security constraints rows error when viewing the db view.

What am I missing here?

5 REPLIES

Community Alums
Not applicable

Hi @Ariel Aharon ,

This behavior is expected and is a result of the way that ACLs are applied in the list. The current design is to first execute the query against the table and retrieve all records that meet the specified filter condition; then, for each row on the current page, any read ACLs are evaluated to verify if the current user is allowed to view the record. If the user is able to view the record, it is displayed as a row in the list; however, if the user is not permitted to view the record, it is not displayed. If there are any rows that were not displayed, the count is displayed with the message "Number of rows removed from this list by Security constraints".

Resolution

This is our design and the expected behavior of the platform.

If your users are experiencing similar behavior or complain that "there are no records displayed" in a list, please evaluate if the issue is related to this behavior. It might be necessary for you to educate your users on why this is happening.

Additional Information

Very often it is possible to avoid this situation by using a before query business rule to restrict which records the user can see at the time that the query is executed against the database.

The feasibility of this as a solution will largely depend on the complexity of the restrictions that you want to apply to the visibility of the records, e.g. not everything could be implemented as filter conditions on the SQL query.

For more information please see following knowledge article:

KB0523826 Before Query Business Rules - The *Other* Access Control
https://hi.service-now.com/kb_view.do?sysparm_article=KB052382
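
Added example (not part of the reply above, and not ServiceNow API code): a small JavaScript model of the list behaviour the reply describes, showing how per-row read ACL evaluation on the current page produces the "rows removed" count and how restricting the query itself avoids it. The rows, the `owner` field and the `readAcl` rule are constructed assumptions.

```javascript
// Simplified model of the list behaviour described in the reply above.
// This is NOT ServiceNow API code; every name and row here is constructed.

// Constructed result set; `owner` stands in for whatever the ACL checks.
const ROWS = [
  { number: 'HRC0001', owner: 'alice' },
  { number: 'HRC0002', owner: 'alice' },
  { number: 'HRC0003', owner: 'alice' },
  { number: 'HRC0004', owner: 'bob' },
  { number: 'HRC0005', owner: 'alice' },
  { number: 'HRC0006', owner: 'bob' },
];

// Hypothetical read ACL: a user may read only rows they own.
function readAcl(user, row) {
  return row.owner === user;
}

// Render one list page. `beforeQuery` (optional) models a before query
// business rule: it narrows the result set before pagination happens.
function renderPage(rows, user, page, pageSize, beforeQuery) {
  const matched = beforeQuery ? rows.filter((r) => beforeQuery(user, r)) : rows;
  const onPage = matched.slice(page * pageSize, (page + 1) * pageSize);
  // Read ACLs are evaluated per row, only for the rows on the current page.
  const visible = onPage.filter((r) => readAcl(user, r));
  return {
    visible: visible.map((r) => r.number),
    // This count is what the "rows removed ... by Security constraints" message reports.
    removed: onPage.length - visible.length,
    totalMatched: matched.length,
  };
}

// ACL only: bob's first page is empty although he can read two rows overall.
const aclOnly = renderPage(ROWS, 'bob', 0, 3);
// Same restriction applied at query time: nothing is left for the ACL to remove.
const withRule = renderPage(ROWS, 'bob', 0, 3, readAcl);

console.log('ACL only, page 1:', aclOnly);
console.log('With query-time restriction, page 1:', withRule);
```

In the model the first page is empty with three rows removed, which matches the "there are no records displayed" complaint mentioned in the reply.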

 

Hi @Community Alums that seems like a great answer!

I did see this type of solution and I tried implementing it now, but I was unsure where to do it, so I tried implementing it on the db view & metric_instance; still no change.

Is there any way to debug this issue efficiently? Like, where is this constraint coming from?

Community Alums
Not applicable

Hi @Ariel Aharon ,

For debugging purposes, start with checking the ACLs already residing on the tables in question for the db view.

 

@Community Alums I have managed to debug this. It seems that the ACL is skipped due to another ACL that gets a false result. I cannot find this ACL and did not get a link to it from the debugger:

 

[Two screenshots attached: ArielAharon_0-1672843409702.png, ArielAharon_1-1672843424373.png]