This is working as expected. In our reporting data model, the "Run Reports on All Workspaces" permission exists as a layer of security to restrict users from seeing each other's time data without proper clearance.
When a report is run, even non-project work is assigned to a pseudo project called Non-Project Work so that they are covered by this restriction.
To remove non-project work from this restriction would allow users to easily report on non-project work for all workspaces in their enterprise, which in some enterprises would be a security risk.
A workaround in reporting is to use the Work Entries table under the Time Management folder.