Role data access/Personal lock sql where incorrect

If Role Data access is used to exclude access to a record AND its dependent entities then any query that refers to the table of that record is filtered through an additional where clause which does not correctly handle null values.

It is easiest to explain with an example:
Say access is excluded for a record in C_Order with C_Order_ID = 1000000 and its dependent entities.
If a user queries something in the C_Invoice table the role access control identifies that C_Invoice has a C_Order_ID column and applies something like the following where clause to the query:
"WHERE C_Invoice.C_Order_ID NOT IN (1000000)"

This is intended to exclude any invoices related to C_Order_ID 1000000 BUT it also excludes any invoices where C_Order_ID is null as NULL NOT IN (1000000) evaluates to false. This can be fixed by explicitly checking for nulls e.g. "WHERE C_Invoice.C_Order_ID IS NULL OR C_Invoice.C_Order_ID NOT IN (1000000))". (An alternative solution would be to convert to using a NOT EXISTS clause.)

A similar situation occurs when using the Personal Lock function.