The problem is that the user at some point was unable to even view the forums. He could not do anything whatsoever - it was as if only the permissions from the Moderating group were in effect (we have the basic permissions like View Node set to No (not never) for this group so that kind of thing can be inherited from Registered). I have no idea why the permissions do not resolve correctly. In playing around with it, it seems the problem was "fixed" by adding the View Node permission to the Moderating group and then removing it again.
So my only thought at this point is that it is something to do with permission caching. How exactly do permissions get cached? Could that be the cause? Is there a way to flush the permission cache safely? Is there anything more I can do to investigate this, given that I cannot reproduce it?