diff --git a/master/bt5/slapos_erp5/LocalRolesTemplateItem/cloud_contract_module.xml b/master/bt5/slapos_erp5/LocalRolesTemplateItem/cloud_contract_module.xml
index 3602260c0aaab602e307374daedaa1e781c46b03..1735ee6de5d10fb7d9bdb94023a4b24f6327fcf7 100644
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/cloud_contract_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/cloud_contract_module.xml
@@ -4,11 +4,23 @@
    <item>Auditor</item>
    <item>Author</item>
   </role>
+  <role id='R-MEMBER'>
+   <item>Auditor</item>
+  </role>
+  <role id='R-SHADOW-PERSON'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='group'>
     <principal id='G-COMPANY'>Auditor</principal>
     <principal id='G-COMPANY'>Author</principal>
   </local_role_group_id>
+  <local_role_group_id id='shadow'>
+    <principal id='R-SHADOW-PERSON'>Auditor</principal>
+  </local_role_group_id>
+  <local_role_group_id id='user'>
+    <principal id='R-MEMBER'>Auditor</principal>
+  </local_role_group_id>
  </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract%20Module.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract%20Module.xml
index 36f53db0dc1c96d1ea07c05c494b401dd4a0b7fe..59eacd199e2ac1745a561ad41b5db989fc591182 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract%20Module.xml
@@ -5,4 +5,16 @@
    <multi_property id='category'>group/company</multi_property>
    <multi_property id='base_category'>group</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>Member</property>
+   <multi_property id='categories'>local_role_group/user</multi_property>
+   <multi_property id='category'>role/member</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
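Review bot: The two added `Auditor` entries (titles `Member` and `Person Shadow`) open the module to every principal in `role/member` and `role/shadow/person`, yet neither carries a `description` saying why, unlike the Customer role this commit adds in Cloud Contract.xml. A line such as `<property id='description'>Lets customers reach the module; contract access is decided per document</property>` on each (wording to be confirmed by the author) would record the intent for the next reviewer. What Auditor permits on the module is set by permission mappings outside this diff, so it is worth confirming that it stays read-only and that listing contracts is still filtered by each contract's own local roles. The LocalRolesTemplateItem hunk for cloud_contract_module.xml mirrors this grant and should change together with it.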
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract.xml
index 3d25ac4e704193eb168aa4a76ce33c4664341b50..11c80ec7faff3a060bcb66b7e90b64946fe73c6e 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Cloud%20Contract.xml
@@ -1,4 +1,11 @@
 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>Customer</property>
+   <property id='description'>Monovalued role</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='categories'>local_role_group/user</multi_property>
+   <multi_property id='base_category'>destination_section</multi_property>
+  </role>
   <role id='Assignor'>
    <property id='title'>Group company</property>
    <multi_property id='categories'>local_role_group/group</multi_property>
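Review bot: The Customer role is computed from `destination_section` through `ERP5Type_getSecurityCategoryFromContent`, but nothing in this commit shows what recomputes the contract's local roles when that category is set or changed; the new test calls `updateLocalRolesOnSecurityGroups()` by hand. If no trigger exists elsewhere (presumably an interaction workflow), a contract reassigned to another person could leave the previous person's Auditor grant in place until the next recomputation. The description `Monovalued role` also says little about the grant; something like `<property id='description'>Person in destination_section may view the contract</property>` would document it. The Assignor role that follows continues past the end of the hunk.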
diff --git a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
index 9bc23c77c0e72823c65ebfca06e04ed5d5ce0429..c0452b1b0d0c834f21f3daa308a497aca65c8e12 100644
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -2316,20 +2316,35 @@ class TestCloudContractModule(TestSlapOSGroupRoleSecurityMixin):
     module = self.portal.cloud_contract_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        [self.user_id, 'G-COMPANY'], False)
+        [self.user_id, 'G-COMPANY', 'R-MEMBER', 'R-SHADOW-PERSON'], False)
     self.assertRoles(module, 'G-COMPANY', ['Author', 'Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestCloudContract(TestSlapOSGroupRoleSecurityMixin):
   def test_GroupCompany(self):
-    text = self.portal.cloud_contract_module.newContent(
+    contract = self.portal.cloud_contract_module.newContent(
         portal_type='Cloud Contract')
 
-    self.assertSecurityGroup(text,
+    self.assertSecurityGroup(contract,
         ['G-COMPANY', self.user_id],
         False)
-    self.assertRoles(text, 'G-COMPANY', ['Assignor'])
-    self.assertRoles(text, self.user_id, ['Owner'])
+    self.assertRoles(contract, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(contract, self.user_id, ['Owner'])
+
+  def test_Customer(self):
+    reference = 'TESTPERSON-%s' % self.generateNewId()
+    person = self.portal.person_module.newContent(portal_type='Person',
+        reference=reference)
+    contract = self.portal.cloud_contract_module.newContent(
+        portal_type='Cloud Contract',
+        destination_section_value=person,
+        )
+    contract.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(contract,
+        ['G-COMPANY', person.getUserId(), self.user_id], False)
+    self.assertRoles(contract, 'G-COMPANY', ['Assignor'])
+    self.assertRoles(contract, person.getUserId(), ['Auditor'])
+    self.assertRoles(contract, self.user_id, ['Owner'])
 
 class TestUpgradeDecisionModule(TestSlapOSGroupRoleSecurityMixin):
   def test(self):
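Review bot: `TestCloudContractModule` now expects `R-MEMBER` and `R-SHADOW-PERSON` among the module's security groups but never asserts which roles they hold, so a later change that gave either group more than Auditor would not be caught here; add `self.assertRoles(module, 'R-MEMBER', ['Auditor'])` and `self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])` next to the existing G-COMPANY assertion. `test_Customer` covers only the grant: a second case that points `destination_section` at a different person, recomputes the local roles and checks that the first person's user id is gone from the security groups would pin down revocation as well. In `test_GroupCompany` the expected list still has no customer entry, which is right only while a contract without `destination_section` yields no Auditor principal; a short comment saying so would help. The body of the TestCloudContractModule method starts before the hunk and TestUpgradeDecisionModule continues after it.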