We use hudson for different client projects and would like to grant clients
access to their project only.

I tried to use project-based security, however this won't work if a user has no
global read access
(org.acegisecurity.providers.UsernamePasswordAuthenticationToken@553456a2:
Username: hudson.security.HudsonPrivateSecurityRealm$Details@54a59f; Password:
[PROTECTED]; Authenticated: true; Details:
org.acegisecurity.ui.WebAuthenticationDetails@fffed504: RemoteIpAddress:
127.0.0.1; SessionId: 159938B9D9D4E87C793DADD9A668A196; Granted Authorities:
authenticated is missing Read)

But global read access will allow him to see all projects on the overview page
and he is even able to access all projects.

Possible solution: add a read access property on project level.