diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index b916a33d73b7cbe0dee99b9269b45b0fb71201e4..4ac2b84a24e062b815d153924b2b95dbd512e80e 100644
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -26,6 +26,7 @@
 #
 ##############################################################################
 
+from copy import deepcopy
 from collections import defaultdict
 from Products.CMFCore.CatalogTool import CatalogTool as CMFCoreCatalogTool
 from Products.ZSQLCatalog.ZSQLCatalog import ZCatalog
@@ -124,8 +125,23 @@ class IndexableObjectWrapper(object):
         allowed_role_set.discard('Owner')
 
         # XXX make this a method of base ?
-        local_roles_group_id_group_id = getattr(ob,
-          '__ac_local_roles_group_id_dict__', dict())
+        local_roles_group_id_group_id = deepcopy(getattr(ob,
+          '__ac_local_roles_group_id_dict__', dict()))
+
+        # If we acquire a permission, then we also want to acquire the local
+        # roles group ids
+        local_roles_container = ob
+        while getattr(local_roles_container, 'isRADContent', 0):
+          if local_roles_container._getAcquireLocalRoles():
+            local_roles_container = local_roles_container.aq_parent
+            for role_definition_group, user_and_role_list in \
+                getattr(local_roles_container,
+                        '__ac_local_roles_group_id_dict__',
+                        dict()).items():
+              local_roles_group_id_group_id.setdefault(role_definition_group, set()
+                ).update(user_and_role_list)
+          else:
+            break
 
         allowed_by_local_roles_group_id = {}
         allowed_by_local_roles_group_id[''] = allowed_role_set
diff --git a/product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py b/product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
index 15b280b1b6622fefc27bc30b768b44962aa8bd06..af9982bb577fd8344694d4431cceba09e0db9f5c 100644
--- a/product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
+++ b/product/ERP5Catalog/tests/testERP5CatalogSecurityUidOptimization.py
@@ -187,6 +187,25 @@ CREATE TABLE alternate_roles_and_users (
       self.assertSameSet([user1, user2],
         [o.getObject() for o in
           self.portal.portal_catalog(portal_type='Person')])
+
+      # portal types that acquire roles properly acquire the local role group
+      # id mapping
+      self.assertTrue(self.portal.portal_types.Career.getTypeAcquireLocalRole())
+      career = user1.newContent(portal_type='Career')
+      self.tic()
+
+      alternate_roles_and_users = sql_connection.manage_test(
+        "SELECT * from alternate_roles_and_users").dictionaries()
+      self.assertTrue(dict(uid=career.getUid(),
+                           alternate_security_uid=user1_alternate_security_uid) in
+                      alternate_roles_and_users)
+      self.login('user1')
+      self.assertEqual([career],
+        [o.getObject() for o in self.portal.portal_catalog(portal_type='Career')])
+      self.login('user2')
+      self.assertEqual([],
+        [o.getObject() for o in self.portal.portal_catalog(portal_type='Career')])
+      
     finally:
       # restore catalog configuration
       sql_catalog.sql_search_tables = current_sql_search_tables