Here are some options available to you in CA PPM to accomplish the business use case requirement that you described in this ticket:
(1) Enable the "Project - Risks, Issues, Changes - Create / Edit" or the "Project - Risks, Issues, Changes - View" access right for the project instances with risks that they own.
This manual page has more information about how to implement instance access rights.
(2) If you have OBS units defined for your organization, then you can grant the Resources Access to Object (Instances) using an OBS Unit.
This manual page has more information about how to set this up.