Please review the Entry Access Rights in the documentation, in particular the section titled "Tips for entry access rights."

Keep in mind that denied rights take precedence over allowed rights. If a right is denied to a group, all users that belong to that group will be denied that right, regardless of whether it has been specifically granted to them. Therefore, if a group contains some users that should have an access right and others that should not, that access right should be left unspecified at the group level. You can then grant the desired access right to authorized users. No additional action is required for the users that should not have that access right. Note that a "blank" right, with neither Allow or Deny checked, is Denied by default, but will not override an inherited Allow from a parent folder or from a group.

https://www.laserfiche.com/support/webhelp/Laserfiche/9.2/en-US/AdminGuide/LFAdmin.htm#best_practices__access_control.htm

The only access rights that are specific to shortcuts are browse, delete, and view security, so you don't need to worry about the fact that it's a shortcut. I'd second what Tommy suggests here, check the effective rights for this user and see if group or tree inheritence is doing something you aren't expecting.