With the recent changes to odfsec_risk_v2, the @WHERE:SECURITY clause in the Risk management portlets and lookups are not returning correct data for users having OBS and Instance rights. 

Steps to Reproduce: 

1. Login as admin and create a security group Risk and provide the below OBS rights 
      Project - Risk, Issue, Change Request - Delete 
      Project - Risk, Issue, Change Request - Edit 
      Project - Risk, Issue, Change Request - View 
      Project - Risk, Issue, Change Request - Create 
      Project - View 
   Global Rights
      Projects - Navigate 
   Provide the View instance rights to the Risk Management Portlet 
2. Create a Resource ABC and add the above security group to this resource
3. Create a project XYZ and set the OBS to be the same as the one given in the Security group 
4. Create a few risks in the project - Risk1, Risk2, Risk3  
5. Logout and login as resource ABC
6. Navigate to Project XYZ - Risks/Issues/CR tab 
      Result: As expected, Risk1, Risk2 and Risk3 can be seen 
7. Navigate to Home Page and configure to show Risk Management portlet
8. Filter for the project XYZ

Expected Results: Risk1, Risk2 and Risk3 can be seen in the Risk Management portlet. 

Actual Results: The above risks are missing from the portlets. 

Release : 15.9.2, 15.9.3 

DE62129

Workaround:

• The 'odfsec_risk_v2' is not honoring the OBS and Instance rights.
• For On-Premise customers:
  • The fix for this issue is to make the below code change to the security clause 
    • Change @WHERE:SECURITY:RISK:r.odf_pk@ to AND @WHERE:SECURITY:RISK:r.pk_id@ 
  • This defect impacts the lookups - RIM_BROWSE_RISKS and RIM_BROWSE_ISSUES and the fix is the same to replace odf_pk with pk_id 

Fixed in Release 16.0.0