What you are describing works in theory, so there must be a detail you missed. Can you upload your exact script so we can try to help you find the flaw?
I have the same issue with our solution. What I did was create a calculation field on the table that examines if they can view it. It can be as simple as USER_CREATED = Get ( AccountName ), or you can have the calculation run many different criteria, but in the end the technique is to have the field display a 1 if the user can view it, and then perform a find on that field and search for one.
BTW, you don't need much for criteria here. Any find you perform with valid criteria should automatically filter out the "no access" records from the found set.
Something as simple as
Enter Find Mode []
Set Field [Service Mgmt::NeveryEmptyfield ; "*" ]
Set Error Capture [On]
Perform Find []
That should find all records, but then filter out the "no access" ones they aren't permitted to see.