search cancel

Clarity PPM: @WHERE:SECURITY clause in Risk management portlets and lookups returning incorrect results for users with OBS and Instance rights - odfsec_risk_v2

book

Article ID: 221168

calendar_today

Updated On:

Products

Clarity PPM SaaS Clarity PPM On Premise

Issue/Introduction

With the recent changes to odfsec_risk_v2, the @WHERE:SECURITY clause in the Risk management portlets and lookups are not returning correct data for users having OBS and Instance rights. 

Steps to Reproduce: 

  1. Login as admin and create a security group Risk and provide the below OBS rights 
       Project - Risk, Issue, Change Request - Delete 
       Project - Risk, Issue, Change Request - Edit 
       Project - Risk, Issue, Change Request - View 
       Project - Risk, Issue, Change Request - Create 
       Project - View 
    Global Rights
       Projects - Navigate 
    Provide the View instance rights to the Risk Management Portlet 
  2. Create a Resource ABC and add the above security group to this resource
  3. Create a project XYZ and set the OBS to be the same as the one given in the Security group 
  4. Create a few risks in the project - Risk1, Risk2, Risk3  
  5. Logout and login as resource ABC
  6. Navigate to Project XYZ - Risks/Issues/CR tab 
       Result: As expected, Risk1, Risk2 and Risk3 can be seen 
  7. Navigate to Home Page and configure to show Risk Management portlet
  8. Filter for the project XYZ

Expected Results: Risk1, Risk2 and Risk3 can be seen in the Risk Management portlet. 

Actual Results: The above risks are missing from the portlets. 

Cause

DE62129

Workaround:

  • The 'odfsec_risk_v2' is not honoring the OBS and Instance rights.
  • For On-Premise customers:
    • The fix for this issue is to make the below code change to the security clause 
    • This defect impacts the lookups - RIM_BROWSE_RISKS and RIM_BROWSE_ISSUES and the fix is the same to replace odf_pk with pk_id 

Environment

Release : 15.9.2, 15.9.3 

Resolution

Fixed in Release 16.0.0