This can apply to other security clauses as well. The following explanation is being given for the RESOURCE security clause:
@WHERE:SECURITY:RESOURCE:ID@
This clause is used in a custom NSQL query, but it is noticed that a resource with limited access rights sees all the records fetched by the query.
Global right associated with the resource's account, that provides access to all resources, and thereby access to all records of the portlet.
Find the resources to which an user has access by creating a separate portlet using a query such as the one below:
select
@select:dim:user_def:implied:d0:id:id@,
@select:dim_prop:user_def:implied:d0:full_name:full_name@
from srm_resources
where @filter@
and @WHERE:SECURITY:RESOURCE:id@
The odfsec_resource_v2 view only stores records of instances, where 'Instance Access' or 'OBS Access' is granted. So, if a user has 'Global Access' then querying this view can be misleading.