We have developed a couple of customized portlets for the visualization of approvals and financial issues, we assign the levels of access through groups of approvers, however we need that in projects only team members have access to those portlets, but the users with access to those portlets can see them for any project, and those are not convenient, how could we restrict access to portlets by project?
If the portlets are NSQL based then you should be adding in the "security" clause which will restrict data to the same data a user can see in the application normally - it looks something like this;
where the I.id is the reference to the inv_investments.id from elsewhere in your NSQL
if the level of control you want is more detailed than the normal application security rules, then just "code" it into the NSQL (i.e. specifically only return data for certain projects, or projects where the executing use is a team member - you can determine the executing user in NSQL using the built-in @WHERE:PARAM:USER_ID@)
Extending Dave's answer, you need to add in logic to check prteam. i.e. adding an EXISTS clause should do the trick without too much code rewrite