With the recent changes to odfsec_risk_v2, the @WHERE:SECURITY clause in the Risk management portlets and lookups are not returning correct data for users having OBS and Instance rights.
STEPS TO REPRODUCE:
1. Login as admin and create a security group Risk and provide the below OBS rights
Project - Risk, Issue, Change Request - Delete
Project - Risk, Issue, Change Request - Edit
Project - Risk, Issue, Change Request - View
Project - Risk, Issue, Change Request - Create
Project - View
Projects - Navigate
Provide the View instance rights to the Risk Management Portlet
2. Create a Resource ABC and add the above security group to this resource
3. Create a project XYZ and set the OBS to be the same as the one given in the Security group
4. Create a few risks in the project - Risk1, Risk2, Risk3
5. Logout and login as resource ABC
6. Navigate to Project XYZ - Risks/Issues/CR tab
Result: As expected, Risk1, Risk2 and Risk3 can be seen.
7. Navigate to Home Page and configure to show Risk Management portlet
8. Filter for the project XYZ
Expected: Risk1, Risk2 and Risk3 can be seen in the Risk Management portlet
Actual: The above risks are missing from the portlets.
Workaround: odfsec_risk_v2 is not honoring the OBS and Instance rights. The fix for this issue is to make the below code change to the security clause.
This defect impacts the lookups - RIM_BROWSE_RISKS and RIM_BROWSE_ISSUES and the fix is the same to replace odf_pk with pk_id
Release : 15.9.2
This is impacting 15.9.2 and has been flagged as a defect - DE62129
Please implement the fix provided above.