diff --git a/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_model_module.xml b/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_model_module.xml
index 944a11eaba8bc6b8bb265aba00edef171e5562a6..b18ad9b21bfd60b8de272110e95c5c08cf4cb096 100644
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_model_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_model_module.xml
@@ -1,22 +1,22 @@
 <local_roles_item>
  <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
    <item>Auditor</item>
-   <item>Author</item>
   </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
    <item>Auditor</item>
    <item>Author</item>
   </role>
+  <role id='R-SHADOW-PERSON'>
+   <item>Auditor</item>
+  </role>
  </local_roles>
  <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Auditor</principal>
   </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
+  <local_role_group_id id='shadow'>
+    <principal id='R-SHADOW-PERSON'>Auditor</principal>
   </local_role_group_id>
  </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model%20Module.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model%20Module.xml
index 9bc65855ed198e8563101f1c3369362472238b54..b715403a5e798ff1fccd479f96d6af5857674dbb 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model%20Module.xml
@@ -1,14 +1,19 @@
 <type_roles>
-  <role id='Auditor; Author'>
-   <property id='title'>Group Company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Auditor; Author'>
+  <role id='Auditor'>
    <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
+   <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
+  <role id='Auditor; Author'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model.xml
index b698128537c51535a702ae56eedbee8a12ff2881..f186cca9b708348295326ff9c6f9795ffe37e5fb 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Model.xml
@@ -1,15 +1,32 @@
 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Project Customer</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
   <role id='Assignee'>
-   <property id='title'>Compute Node Agent</property>
-   <property id='description'>Monovalued role</property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>source_administration</multi_property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
   </role>
   <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
   </role>
 </type_roles>
\ No newline at end of file
diff --git a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
index 9e2004f168f09ed8c6123437f5f3df4ea5ab13c1..730cbdb5febfb7f55a21fe60910718c701569e99 100644
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -134,36 +134,45 @@ class TestComputeNode(TestSlapOSGroupRoleSecurityMixin):
 
 
 class TestComputerModel(TestSlapOSGroupRoleSecurityMixin):
-  def test_GroupCompany(self):
+  def test_default(self):
     model = self.portal.computer_model_module.newContent(
         portal_type='Computer Model')
     model.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(model,
-        ['G-COMPANY', self.user_id], False)
-    self.assertRoles(model, 'G-COMPANY', ['Assignor'])
+        ['R-SHADOW-PERSON', self.user_id], False)
+    self.assertRoles(model, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(model, self.user_id, ['Owner'])
 
-  def test_ComputeNodeAgent(self):
-    reference = 'TESTPERSON-%s' % self.generateNewId()
-    person = self.portal.person_module.newContent(portal_type='Person',
-        reference=reference)
-    model = self.portal.computer_model_module.newContent(
+  def test_ProjectMember(self):
+    project = self.addProject()
+    compute_node = self.portal.computer_model_module.newContent(
         portal_type='Computer Model',
-        source_administration=person.getRelativeUrl())
-    model.updateLocalRolesOnSecurityGroups()
-    self.assertSecurityGroup(model,
-        ['G-COMPANY', self.user_id, person.getUserId()], False)
-    self.assertRoles(model, person.getUserId(), ['Assignee'])
-    self.assertRoles(model, self.user_id, ['Owner'])
+        follow_up_value=project)
+
+    compute_node.updateLocalRolesOnSecurityGroups()
+    self.assertSecurityGroup(compute_node, [
+      self.user_id,
+      'R-SHADOW-PERSON',
+      '%s_F-PRODAGNT' % project.getReference(),
+      '%s_F-PRODMAN' % project.getReference(),
+      '%s_F-CUSTOMER' % project.getReference(),
+    ], False)
+    self.assertRoles(compute_node, self.user_id, ['Owner'])
+    self.assertRoles(compute_node, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(compute_node, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+    self.assertRoles(compute_node, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(compute_node, '%s_F-CUSTOMER' % project.getReference(), ['Auditor'])
 
 class TestComputerModelModule(TestSlapOSGroupRoleSecurityMixin):
   def test(self):
     module = self.portal.computer_model_module
     self.changeOwnership(module)
     self.assertSecurityGroup(module,
-        ['G-COMPANY', 'R-MEMBER', self.user_id], False)
-    self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
-    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
+        ['F-PRODUCTION*', 'F-CUSTOMER', 'R-SHADOW-PERSON', self.user_id],
+        False)
+    self.assertRoles(module, 'F-CUSTOMER', ['Auditor'])
+    self.assertRoles(module, 'F-PRODUCTION*', ['Auditor', 'Author'])
+    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestComputerModule(TestSlapOSGroupRoleSecurityMixin):