This issue can be caused by a site which uses Form authentication and the user has the 'UserIsExternal' field from the CMS_User table set to true (which works only with windows authentication, or when authenticating a user against an external DB using the CustomSecurityHandler).