Security should be the same, though with server as the host, you gain additional options such as server based external authentication.
101 means "record is missing".
While I would define the Portfolio field to be a field of type number in both tables and as an auto-entered serial number in Portfolio, I can see no reason why hosting the file should produce a change in behavior.
Thanks Phil. In my testing I changed the type and had intended to switch it back to number.
Any ideas why the privilege set would act differently in the two environments? Is this possibly a bug?
However, under the user account, I am seeing inconsistent results without even hosting the file.
I'm getting an issue without even hosting the file. The record that is current when the file opens, when the file is opened with the limited access "user" account, cannot access the related records given the record level access security settings. I tried a number of different "fixes"--including manually running the script that sets the global variable and found that the following script, performed "onFIrstWindowOpen" would fix the problem, but it really shouldn't be necessary:
Set Field [Portfolio::Portfolio ; Portfolio::Portfolio ]
Commit Records 
Perform Script ["port variable"]
I was then able to reproduce this behavior in a brand new "created from scratch" test file so it does not appear to be any kind of issue with the specific file or a field index.
PS. I hit on this solution first by putting a portal to SR on the portfolio layout so that I could see what records were accessible without using the GTRR button. I then discovered that if I manually deleted one digit from Portfolio, typed it back in and clicked the layout background to commit the change, the records then appeared and GTRR worked.
I'm now going to report this over in Report an Issue as this seems to be an easily reproducible bug.
Great! At least I'm not crazy! thanks for taking the time to help me look at this.