With the recent changes to odfsec_risk_v2, the @WHERE:SECURITY clause in the Risk management portlets and lookups are not returning correct data for users having OBS and Instance rights.
Steps to Reproduce:
- Login as admin and create a security group Risk and provide the below OBS rights
Project - Risk, Issue, Change Request - Delete
Project - Risk, Issue, Change Request - Edit
Project - Risk, Issue, Change Request - View
Project - Risk, Issue, Change Request - Create
Project - View
Projects - Navigate
Provide the View instance rights to the Risk Management Portlet
- Create a Resource ABC and add the above security group to this resource
- Create a project XYZ and set the OBS to be the same as the one given in the Security group
- Create a few risks in the project - Risk1, Risk2, Risk3
- Logout and login as resource ABC
- Navigate to Project XYZ - Risks/Issues/CR tab
Result: As expected, Risk1, Risk2 and Risk3 can be seen
- Navigate to Home Page and configure to show Risk Management portlet
- Filter for the project XYZ
Expected Results: Risk1, Risk2 and Risk3 can be seen in the Risk Management portlet.
Actual Results: The above risks are missing from the portlets.