If you don't want to be rude, why write that?
You didn't mention that you were "security" and it seemed perfectly reasonable that it would be the security package, rather than SDSF, who would "bounce" a security infringement.
Did you look up the message?
Explanation: A row token referencing a row that no longer exists was encountered during processing of an ISFACT command. The requested action is not performed.
What is different between you and your user on the QUERY and WHO?