diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_asSecurityGroupId.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_asSecurityGroupId.xml
new file mode 100644
index 0000000000000000000000000000000000000000..ad910e29d223885e91b3ea1c2985b174a3b42301
--- /dev/null
+++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_asSecurityGroupId.xml
@@ -0,0 +1,228 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.PythonScripts.PythonScript</string>
+          <string>PythonScript</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Python_magic</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string># category_order : list of base_categories we want to use to generate the group id\n
+# kw : keys should be base categories,\n
+#      values should be value of corresponding relative urls (obtained by getBaseCategory())\n
+#\n
+# Example call : context.ERP5TypeSecurity_asGroupId(category_order=(\'site\', \'group\', \'function\'),\n
+#                    site=\'france/lille\', group=\'nexedi\', function=\'accounting/accountant\')\n
+# This will generate a string like \'LIL_NXD_ACT\' where "LIL", "NXD" and "ACT" are the codification\n
+#   of respecively "france/lille", "nexedi" and "accounting/accountant" categories\n
+#\n
+# ERP5Type_asSecurityGroupId can also return a list of users whenever a category points\n
+# to a Person instance. This is useful to implement user based local role assignments\n
+\n
+code_list = []\n
+user_list = []\n
+\n
+# sort the category list lexicographically\n
+# this prevents us to choose the exact order we want,\n
+# but also prevents some human mistake to break everything by creating site_function instead of function_site\n
+if category_order not in (None, \'\'):\n
+  category_order = list(category_order)\n
+  category_order.sort()\n
+else:\n
+  category_order = []\n
+\n
+for base_category in category_order:\n
+  # BG - sometimes we fail if something is missing\n
+  category_list   = kw.get(base_category)\n
+  if category_list is None:continue\n
+  if same_type(category_list, \'\'):\n
+    category_list = [category_list]\n
+  for category in category_list:\n
+    category_path   = \'%s/%s\' % (base_category, category)\n
+    if base_category==\'reference\': # we will be looking for Person\n
+      res=context.portal_catalog(portal_type=\'Person\',reference=category)\n
+      if res is not None and len(res)==1:\n
+        category_object=res[0].getObject()\n
+    else:\n
+      category_object = context.portal_categories.getCategoryValue(category_path)\n
+    if category_object in (None, \'\'):\n
+      raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n
+    if category_object.getPortalType() == \'Person\':\n
+      # We define a person here\n
+      user_name = category_object.getReference()\n
+      if user_name is not None: user_list.append(user_name)\n
+    else:\n
+      # We define a group item here\n
+      # BG: if this is a Project, it has no codification but a reference instead\n
+      try:\n
+        category_code   = category_object.getCodification() or category_object.getId()\n
+      except AttributeError:\n
+        category_code = category_object.getReference()\n
+      code_list.append(category_code)\n
+\n
+# Return a list of users or a single group\n
+if user_list:\n
+  context.log(user_list)\n
+  return user_list\n
+r=\'_\'.join(code_list)\n
+context.log(category_order,r)\n
+return r\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_code</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_filepath</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>category_order, **kw</string> </value>
+        </item>
+        <item>
+            <key> <string>errors</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_code</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>co_argcount</string> </key>
+                        <value> <int>1</int> </value>
+                    </item>
+                    <item>
+                        <key> <string>co_varnames</string> </key>
+                        <value>
+                          <tuple>
+                            <string>category_order</string>
+                            <string>kw</string>
+                            <string>code_list</string>
+                            <string>user_list</string>
+                            <string>None</string>
+                            <string>list</string>
+                            <string>_getattr_</string>
+                            <string>_getiter_</string>
+                            <string>base_category</string>
+                            <string>category_list</string>
+                            <string>same_type</string>
+                            <string>category</string>
+                            <string>category_path</string>
+                            <string>context</string>
+                            <string>res</string>
+                            <string>len</string>
+                            <string>_getitem_</string>
+                            <string>category_object</string>
+                            <string>user_name</string>
+                            <string>category_code</string>
+                            <string>AttributeError</string>
+                            <string>r</string>
+                          </tuple>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_defaults</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Type_asSecurityGroupId</string> </value>
+        </item>
+        <item>
+            <key> <string>warnings</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromArrow.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignment.xml
similarity index 64%
rename from bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromArrow.xml
rename to bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignment.xml
index 25fe10128a20e710ea4cd1d95ee1b08aa2a219cd..4509b61560a39806fa5ba1aa47281673963abfc7 100644
--- a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromArrow.xml
+++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignment.xml
@@ -68,12 +68,13 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string># XXX For now, this script requires proxy manager\n
+            <value> <string encoding="cdata"><![CDATA[
+
+# XXX For now, this script requires proxy manager to retrieve the Person object in all cases\n
 \n
 # base_category_list : list of category values we need to retrieve\n
 # user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
-#             When using PluggableAuthService with ERP5GroupMAnager, user_name is the id\n
-#             of the person linked to getUser().getId() through getReference() (which is its login).\n
+#             or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n
 # object : object which we want to assign roles to.\n
 # portal_type : portal type of object\n
 \n
@@ -81,14 +82,41 @@
 \n
 category_list = []\n
 \n
-if object is None:\n
-  return []\n
+person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
+# It is better to keep getObject(), in this script this\n
+# prevent a very strange bug, sometimes without getObject the\n
+# assignment is not found\n
+person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
 \n
-for base_category in base_category_list:\n
-  category_list.append({base_category: object.getCategoryMembershipList(base_category)})\n
-#context.log(script.getId(),category_list)\n
+if len(person_object_list) != 1:\n
+  if len(person_object_list) > 1:\n
+    raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
+  else:\n
+    # if a person_object was not found in the module, we do nothing more\n
+    # this happens for example when a manager with no associated person object\n
+    # creates a person_object for a new user\n
+    return []\n
+person_object = person_object_list[0]\n
+\n
+# We look for valid assignments of this user\n
+for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
+  if assignment.getValidationState() == \'open\':\n
+    category_dict = {}\n
+    for base_category in base_category_list:\n
+      if base_category==\'source_project\':\n
+        category_value=assignment.getDestinationProject()\n
+      else:\n
+        category_value = assignment.getProperty(base_category)\n
+      if category_value not in (None, \'\'):\n
+        category_dict[base_category] = category_value\n
+      else:\n
+        raise RuntimeError, "Error: \'%s\' property is required in order to update person security group"  % (base_category)\n
+    category_list.append(category_dict)\n
+context.log(category_list)\n
 return category_list\n
-</string> </value>
+
+
+]]></string> </value>
         </item>
         <item>
             <key> <string>_code</string> </key>
@@ -102,6 +130,12 @@ return category_list\n
               <none/>
             </value>
         </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>_params</string> </key>
             <value> <string>base_category_list, user_name, object, portal_type</string> </value>
@@ -143,10 +177,25 @@ return category_list\n
                             <string>object</string>
                             <string>portal_type</string>
                             <string>category_list</string>
-                            <string>None</string>
+                            <string>_getattr_</string>
+                            <string>context</string>
+                            <string>person_module</string>
+                            <string>append</string>
+                            <string>$append0</string>
                             <string>_getiter_</string>
+                            <string>x</string>
+                            <string>person_object_list</string>
+                            <string>len</string>
+                            <string>ConsistencyError</string>
+                            <string>_getitem_</string>
+                            <string>person_object</string>
+                            <string>assignment</string>
+                            <string>category_dict</string>
                             <string>base_category</string>
-                            <string>_getattr_</string>
+                            <string>category_value</string>
+                            <string>None</string>
+                            <string>_write_</string>
+                            <string>RuntimeError</string>
                           </tuple>
                         </value>
                     </item>
@@ -163,7 +212,7 @@ return category_list\n
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>ERP5Type_getSecurityCategoryFromArrow</string> </value>
+            <value> <string>ERP5Type_getSecurityCategoryFromAssignment</string> </value>
         </item>
         <item>
             <key> <string>warnings</string> </key>
diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromClassification.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromUser.xml
similarity index 69%
rename from bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromClassification.xml
rename to bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromUser.xml
index 30dd4bc72c989b43b3caeabb427a42175986e271..fe3ba5fde7b6e0ee72d7eb895c21ef406ff61c34 100644
--- a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromClassification.xml
+++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromUser.xml
@@ -68,12 +68,13 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string># XXX For now, this script requires proxy manager\n
+            <value> <string encoding="cdata"><![CDATA[
+
+# XXX For now, this script requires proxy manager to retrieve the Person object in all cases\n
 \n
 # base_category_list : list of category values we need to retrieve\n
 # user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
-#             When using PluggableAuthService with ERP5GroupMAnager, user_name is the id\n
-#             of the person linked to getUser().getId() through getReference() (which is its login).\n
+#             or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n
 # object : object which we want to assign roles to.\n
 # portal_type : portal type of object\n
 \n
@@ -81,14 +82,35 @@
 \n
 category_list = []\n
 \n
-if object is None:\n
-  return []\n
+person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
+# It is better to keep getObject(), in this script this\n
+# prevent a very strange bug, sometimes without getObject the\n
+# assignment is not found\n
+person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
 \n
-for base_category in base_category_list:\n
-  category_list.append({base_category: object.getCategoryMembershipList(base_category)})\n
+if len(person_object_list) != 1:\n
+  if len(person_object_list) > 1:\n
+    raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
+  else:\n
+    # if a person_object was not found in the module, we do nothing more\n
+    # this happens for example when a manager with no associated person object\n
+    # creates a person_object for a new user\n
+    return []\n
+person_object = person_object_list[0]\n
 \n
+category_dict = {}\n
+for base_category in base_category_list:\n
+  category_value = person_object.getProperty(base_category)\n
+  if category_value not in (None, \'\'):\n
+    category_dict[base_category] = category_value\n
+  else:\n
+    raise RuntimeError, "Error: \'%s\' property is required in order to update person security group"  % (base_category)\n
+  category_list.append(category_dict)\n
+context.log(category_list)\n
 return category_list\n
-</string> </value>
+
+
+]]></string> </value>
         </item>
         <item>
             <key> <string>_code</string> </key>
@@ -102,6 +124,12 @@ return category_list\n
               <none/>
             </value>
         </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>_params</string> </key>
             <value> <string>base_category_list, user_name, object, portal_type</string> </value>
@@ -143,10 +171,24 @@ return category_list\n
                             <string>object</string>
                             <string>portal_type</string>
                             <string>category_list</string>
-                            <string>None</string>
+                            <string>_getattr_</string>
+                            <string>context</string>
+                            <string>person_module</string>
+                            <string>append</string>
+                            <string>$append0</string>
                             <string>_getiter_</string>
+                            <string>x</string>
+                            <string>person_object_list</string>
+                            <string>len</string>
+                            <string>ConsistencyError</string>
+                            <string>_getitem_</string>
+                            <string>person_object</string>
+                            <string>category_dict</string>
                             <string>base_category</string>
-                            <string>_getattr_</string>
+                            <string>category_value</string>
+                            <string>None</string>
+                            <string>_write_</string>
+                            <string>RuntimeError</string>
                           </tuple>
                         </value>
                     </item>
@@ -163,7 +205,7 @@ return category_list\n
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>ERP5Type_getSecurityCategoryFromClassification</string> </value>
+            <value> <string>ERP5Type_getSecurityCategoryFromUser</string> </value>
         </item>
         <item>
             <key> <string>warnings</string> </key>
diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_securityIsOwnerOrAssignor.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml
similarity index 86%
rename from bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_securityIsOwnerOrAssignor.xml
rename to bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml
index 0293734d69989c2dcf3bd20f3ff91ab7b905d6b5..c3d45c774a0e9f3233f4de45cee9afec82046b21 100644
--- a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_securityIsOwnerOrAssignor.xml
+++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml
@@ -68,16 +68,13 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string># basically you are Assignor if you are Assignor\n
-# but in \'personal\' you sometimes have to be Owner or Assignee to have full Assignor rights\n
-# (e.g. to release a doc)\n
-\n
-from AccessControl import getSecurityManager\n
-u=getSecurityManager().getUser()\n
-if context.isMemberOf(\'classification/personal\'):\n
-  return u.allowed(context,(\'Owner\',\'Assignee\'))\n
-else:\n
-  return u.allowed(context,(\'Assignor\',))\n
+            <value> <string>context.log(\'---\')\n
+return (\n
+(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'function\'] ),\n
+(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'source_project\'] ),\n
+(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'function\',\'source_project\'] ),\n
+(\'ERP5Type_getSecurityCategoryRoot\',[\'group\']),\n
+)\n
 </string> </value>
         </item>
         <item>
@@ -126,11 +123,8 @@ else:\n
                         <key> <string>co_varnames</string> </key>
                         <value>
                           <tuple>
-                            <string>AccessControl</string>
-                            <string>getSecurityManager</string>
                             <string>_getattr_</string>
-                            <string>u</string>
-<string>context</string>
+                            <string>context</string>
                           </tuple>
                         </value>
                     </item>
@@ -147,7 +141,7 @@ else:\n
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>Document_securityIsOwnerOrAssignor</string> </value>
+            <value> <string>ERP5Type_getSecurityCategoryMapping</string> </value>
         </item>
         <item>
             <key> <string>warnings</string> </key>
diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml
new file mode 100644
index 0000000000000000000000000000000000000000..60e6597082e18bc7a0b71c3124cedb0a702c88e6
--- /dev/null
+++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml
@@ -0,0 +1,231 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.PythonScripts.PythonScript</string>
+          <string>PythonScript</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Python_magic</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string encoding="cdata"><![CDATA[
+
+# XXX it is the same as ERP5Type_getSecurityCategoryFromAssignment\n
+# only it returns only the first part of category\n
+\n
+# XXX For now, this script requires proxy manager to retrieve the Person object in all cases\n
+\n
+# base_category_list : list of category values we need to retrieve\n
+# user_name : string obtained from getSecurityManager().getUser().getUserName() [NuxUserGroup]\n
+#             or from getSecurityManager().getUser().getId() [PluggableAuthService with ERP5GroupManager]\n
+# object : object which we want to assign roles to.\n
+# portal_type : portal type of object\n
+\n
+# must always return a list of dicts\n
+\n
+category_list = []\n
+\n
+person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
+# It is better to keep getObject(), in this script this\n
+# prevent a very strange bug, sometimes without getObject the\n
+# assignment is not found\n
+person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
+\n
+if len(person_object_list) != 1:\n
+  if len(person_object_list) > 1:\n
+    raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
+  else:\n
+    # if a person_object was not found in the module, we do nothing more\n
+    # this happens for example when a manager with no associated person object\n
+    # creates a person_object for a new user\n
+    return []\n
+person_object = person_object_list[0]\n
+\n
+# We look for valid assignments of this user\n
+for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
+  if assignment.getValidationState() == \'open\':\n
+    category_dict = {}\n
+    for base_category in base_category_list:\n
+      if base_category==\'source_project\':\n
+        category_value=assignment.getDestinationProject()\n
+      else:\n
+        category_value = assignment.getProperty(base_category)\n
+      context.log(category_value)\n
+      if category_value not in (None, \'\'):\n
+        category_value=category_value.split(\'/\')[0]\n
+        category_dict[base_category] = category_value\n
+      else:\n
+        raise RuntimeError, "Error: \'%s\' property is required in order to update person security group"  % (base_category)\n
+    category_list.append(category_dict)\n
+context.log(category_list)\n
+return category_list\n
+
+
+]]></string> </value>
+        </item>
+        <item>
+            <key> <string>_code</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_filepath</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>base_category_list, user_name, object, portal_type</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>errors</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_code</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>co_argcount</string> </key>
+                        <value> <int>4</int> </value>
+                    </item>
+                    <item>
+                        <key> <string>co_varnames</string> </key>
+                        <value>
+                          <tuple>
+                            <string>base_category_list</string>
+                            <string>user_name</string>
+                            <string>object</string>
+                            <string>portal_type</string>
+                            <string>category_list</string>
+                            <string>_getattr_</string>
+                            <string>context</string>
+                            <string>person_module</string>
+                            <string>append</string>
+                            <string>$append0</string>
+                            <string>_getiter_</string>
+                            <string>x</string>
+                            <string>person_object_list</string>
+                            <string>len</string>
+                            <string>ConsistencyError</string>
+                            <string>_getitem_</string>
+                            <string>person_object</string>
+                            <string>assignment</string>
+                            <string>category_dict</string>
+                            <string>base_category</string>
+                            <string>category_value</string>
+                            <string>None</string>
+                            <string>_write_</string>
+                            <string>RuntimeError</string>
+                          </tuple>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_defaults</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Type_getSecurityCategoryRoot</string> </value>
+        </item>
+        <item>
+            <key> <string>warnings</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow.xml
index c883336ed8d3ded71038d592214e8c042359c3c7..274c67d142ca4dfb650983340258ba95c77d3bac 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow.xml
@@ -66,6 +66,7 @@
                 <string>View</string>
                 <string>Add portal content</string>
                 <string>Modify portal content</string>
+                <string>Change local roles</string>
               </tuple>
             </value>
         </item>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
index 89f8717df005ed10b46bbadae379df43db577469..9447f2e1678c5642b1a455da3e2f5c7e0386d765 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>archived</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Archived</string> </value>
@@ -45,4 +51,78 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Auditor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Auditor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml
index e6d0bc363b3ff232af2d68a7a66caa13c07974b2..4769aeab1f38964e7814bfabd62274bcc17ee55e 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/cancelled.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>cancelled</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Cancelled</string> </value>
@@ -45,4 +51,72 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/collaborated.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/collaborated.xml
deleted file mode 100644
index 4e37aad3df2ce0deb24c6c9c9030eda812bf9c1f..0000000000000000000000000000000000000000
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/collaborated.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <tuple>
-        <tuple>
-          <string>Products.DCWorkflow.States</string>
-          <string>StateDefinition</string>
-        </tuple>
-        <none/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>__ac_local_roles__</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_owner</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>description</string> </key>
-            <value> <string>A document that has been made available for collaborative editing before submission</string> </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>collaborated</string> </value>
-        </item>
-        <item>
-            <key> <string>title</string> </key>
-            <value> <string>Collaborated</string> </value>
-        </item>
-        <item>
-            <key> <string>transitions</string> </key>
-            <value>
-              <tuple>
-                <string>cancel</string>
-                <string>cancel_action</string>
-                <string>submit</string>
-                <string>submit_action</string>
-              </tuple>
-            </value>
-        </item>
-        <item>
-            <key> <string>type_list</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
index 512a7f53e77b65f2359e8c55825af9b9f9441112..4603d683edb425fd2e445a6f0b418c0393ca605c 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>draft</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Draft</string> </value>
@@ -36,8 +42,8 @@
               <tuple>
                 <string>cancel</string>
                 <string>cancel_action</string>
-                <string>collaborate</string>
-                <string>collaborate_action</string>
+                <string>share</string>
+                <string>share_action</string>
                 <string>submit</string>
                 <string>submit_action</string>
               </tuple>
@@ -52,4 +58,76 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml
index 9a164c7fc2ba3aac2c3a18c90d1ea046f07828d4..361595d98b7702bdc23521795090173771147060 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/hidden.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>hidden</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Hidden</string> </value>
@@ -48,4 +54,76 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/public.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/public.xml
index 7a74cb234223be919419246681cc07ba0d7d4db5..ed886bff887776c2506eea1c7fd0a7db76c0354b 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/public.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/public.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>public</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Public</string> </value>
@@ -50,4 +56,80 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Anonymous</string>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Auditor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Anonymous</string>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Auditor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml
index 298398a4f675fe222448e81511dee5f9b5a2688d..261d021a164eab60a5d9069301cba1675c1f2693 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/released.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>released</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Released</string> </value>
@@ -52,4 +58,78 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Auditor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Auditor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
new file mode 100644
index 0000000000000000000000000000000000000000..51306d28b379bf5d33e4309526d1bebd48638869
--- /dev/null
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
@@ -0,0 +1,139 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.DCWorkflow.States</string>
+          <string>StateDefinition</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>shared</string> </value>
+        </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>transitions</string> </key>
+            <value>
+              <tuple>
+                <string>archive</string>
+                <string>archive_action</string>
+                <string>retract</string>
+                <string>retract_action</string>
+                <string>submit</string>
+                <string>submit_action</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>type_list</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Associate</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
index 7e4792f782c3cb3d892f85b309d30b6959eb236e..0709fad453df802441511c1da8e6c0f4163013c9 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
@@ -26,6 +26,12 @@
             <key> <string>id</string> </key>
             <value> <string>submitted</string> </value>
         </item>
+        <item>
+            <key> <string>permission_roles</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>title</string> </key>
             <value> <string>Submitted</string> </value>
@@ -54,4 +60,74 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>Access contents information</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Change local roles</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Modify portal content</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>View</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/release_action.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/release_action.xml
index ec61748a39049ad6560fb88978402b32d72909ef..9427e1f9a631edde6f5cb981d17e31c0aeabc045 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/release_action.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/release_action.xml
@@ -79,12 +79,6 @@
     </pickle>
     <pickle>
       <dictionary>
-        <item>
-            <key> <string>expr</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
-            </value>
-        </item>
         <item>
             <key> <string>roles</string> </key>
             <value>
@@ -96,23 +90,4 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="3" aka="AAAAAAAAAAM=">
-    <pickle>
-      <tuple>
-        <tuple>
-          <string>Products.CMFCore.Expression</string>
-          <string>Expression</string>
-        </tuple>
-        <none/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>text</string> </key>
-            <value> <string>here/Document_securityIsOwnerOrAssignor</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/collaborate.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml
similarity index 94%
rename from bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/collaborate.xml
rename to bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml
index 2cbd2af4b9f04805d4f0efbb8c7a3f84924f683d..30f57116e9ce0de5cf92d0065a919c7a64673f47 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/collaborate.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml
@@ -52,11 +52,11 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>collaborate</string> </value>
+            <value> <string>retract</string> </value>
         </item>
         <item>
             <key> <string>new_state_id</string> </key>
-            <value> <string>collaborated</string> </value>
+            <value> <string>draft</string> </value>
         </item>
         <item>
             <key> <string>script_name</string> </key>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml
new file mode 100644
index 0000000000000000000000000000000000000000..5683e1ee064930a25fbc2b3d41824bfb6c7d031d
--- /dev/null
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.DCWorkflow.Transitions</string>
+          <string>TransitionDefinition</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>actbox_category</string> </key>
+            <value> <string>workflow</string> </value>
+        </item>
+        <item>
+            <key> <string>actbox_name</string> </key>
+            <value> <string>Retract</string> </value>
+        </item>
+        <item>
+            <key> <string>actbox_url</string> </key>
+            <value> <string>%(content_url)s/BaseWorkflow_viewWorkflowActionDialog?workflow_action=retract_action</string> </value>
+        </item>
+        <item>
+            <key> <string>after_script_name</string> </key>
+            <value> <string>retract</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>retract_action</string> </value>
+        </item>
+        <item>
+            <key> <string>new_state_id</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>script_name</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>trigger_type</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.DCWorkflow.Guard</string>
+          <string>Guard</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>roles</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share.xml
new file mode 100644
index 0000000000000000000000000000000000000000..c150d767158008c18429a1559aae1964166dc048
--- /dev/null
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.DCWorkflow.Transitions</string>
+          <string>TransitionDefinition</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>actbox_category</string> </key>
+            <value> <string>workflow</string> </value>
+        </item>
+        <item>
+            <key> <string>actbox_name</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>actbox_url</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>after_script_name</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>guard</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>share</string> </value>
+        </item>
+        <item>
+            <key> <string>new_state_id</string> </key>
+            <value> <string>shared</string> </value>
+        </item>
+        <item>
+            <key> <string>script_name</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>trigger_type</string> </key>
+            <value> <int>2</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/collaborate_action.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
similarity index 83%
rename from bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/collaborate_action.xml
rename to bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
index 306b6cdbe456c5faa13e28b75be350ea2b7ba090..a750ee84bfb6d1b1828f736c2bafbe9920a1a58c 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/collaborate_action.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
@@ -30,15 +30,15 @@
         </item>
         <item>
             <key> <string>actbox_name</string> </key>
-            <value> <string>Collaborate</string> </value>
+            <value> <string>Share</string> </value>
         </item>
         <item>
             <key> <string>actbox_url</string> </key>
-            <value> <string>%(content_url)s/BaseWorkflow_viewWorkflowActionDialog?workflow_action=hide_action</string> </value>
+            <value> <string>%(content_url)s/BaseWorkflow_viewWorkflowActionDialog?workflow_action=share_action</string> </value>
         </item>
         <item>
             <key> <string>after_script_name</string> </key>
-            <value> <string>collaborate</string> </value>
+            <value> <string>share</string> </value>
         </item>
         <item>
             <key> <string>description</string> </key>
@@ -52,7 +52,7 @@
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>collaborate_action</string> </value>
+            <value> <string>share_action</string> </value>
         </item>
         <item>
             <key> <string>new_state_id</string> </key>
@@ -91,6 +91,15 @@
               <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
+        <item>
+            <key> <string>roles</string> </key>
+            <value>
+              <tuple>
+                <string>Assignee</string>
+                <string>Owner</string>
+              </tuple>
+            </value>
+        </item>
       </dictionary>
     </pickle>
   </record>
@@ -108,7 +117,7 @@
       <dictionary>
         <item>
             <key> <string>text</string> </key>
-            <value> <string>python: here.isMemberOf(\'classification/collaborative\')</string> </value>
+            <value> <string>python:here.isMemberOf(\'classification/personal\')</string> </value>
         </item>
       </dictionary>
     </pickle>