slapos_erp5:

* slapos member user are not allowed anymore to create compute node * no need to create a dedicated local_roles from compute node source_administration Only slapos manager will handle compute nodes * duplicate test_default_scenario to happily break it * drop friend/personal in new scenario test * all members can allocation on all compute nodes * give user security group based on function (to access some module) and project/function (to access documents) * only a project computer manager can create compute nodes * only project computer manager is assignor on compute node * need a project assignment to create a compute node * drop group security on Instance Tree * drop group security from Software Instance * project member only need Auditor role on it * add customer project assignment * remove source_administration interaction workflow on Compute Node and add follow_up instead * Software Installation: move interaction workflow from destination_section to follow_up * give role on Software Installation to Project Compute Node Manager * shadow user do not need access to Compute Node anymore * only project comp manager can create SOftware Installation * project customer can create software instance * project customer can create instance tree * project people can only view the project module * also check PAS plugins which are not supposed to be activated * drop PAS shadow user plugins * drop shadow access from compute node module * drop shadow from compute node module * drop shadow role from computer module * drop shadow role from person* portal types * drop shadow role on project module * Revert "slapos_erp5: drop PAS shadow user plugins" Needed for accounting * Revert "slapos_erp5: drop shadow role from person* portal types" * drop Modification permissions if document uses an automated ledger * source_administration is not used anymore on Compute Node * drop transfer from another Project * drop allocation_scope/open categories * drop Item_getSecurityCategoryFromMovementDestinationSection * drop Item_getSecurityCategoryFromMovementDestinationSection * drop Item_getSecurityCategoryFromMovementDestinationProject * drop Item_getSecurityCategoryFromMovementDestination * drop SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject * drop ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation * switch event/ticket roles to virtual master security * drop Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection * drop Event_getSecurityCategoryFromMovementFollowUpAggregateDestination * delete Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject * drop Item_getSecurityCategoryFromMovementAggregateDestinationProject * drop Item_getSecurityCategoryFromMovementAggregateDestinationSection * drop Item_getSecurityCategoryFromMovementAggregateDestination * drop Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection * drop SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination * drop Item_getSecurityCategoryFromMovementLineAggregateDestinationProject * drop Item_getSecurityCategoryFromMovementLineAggregateDestination * drop Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection * provide access to Compute Node Manager on Upgrade Decision * delivery/movement must use source_project instead of follow_up * delivery/movement must use source_project instead of follow_up * drop query module security * drop Compute Partition roles It must be visible by all project members * instance of the project can access compute nodes * do not make Credit Card readable * drop data set security * only accountant can create/update Account * add function local_role_group * use function local_role_group on Account * use function local_role_group on account * only accountant can read/write accounting transactions. Ledger is used as write condition * accounting period are only readable/writable by accountant * accounting period are only readable/writable by accountant * provide access on compute node to project customer/production * give read access to project production * provide access to production on software installation * switch admin to production manager in tests * no need for group/role in assignment. Use parent function too * provide access to function/production on Instance Tree * provide access to instance for function/production users * provide access to function/production* on support request * provide access to function/production on event module * provide access to regularisation request to function/production * drop roles for DMS portal types It does not seem used. * provide read/write access to function/production to Computer Network * provide access to function/is to System Event * provide access to function/is on Assignment * provide access to person module * provide read only access to project/customer on software product * provide readonly access to project/customer on software release * test set server allocation_scope to open * provide readonly access for project/customer on accounting module * provide readonly access for project/customer on compute node module * use source/destination_project on event/ticket/delivery * security for Subscription Request * production agent/manager can not create Software Instance * drop slap_add_compute_node page * drop slap_project_list page * drop drop slap_transfer_compute_node (and project_view) * drop slap_compute_node_view page

slapos_erp5:
* slapos member user are not allowed anymore to create compute node * no need to create a dedicated local_roles from compute node source_administration Only slapos manager will handle compute nodes * duplicate test_default_scenario to happily break it * drop friend/personal in new scenario test * all members can allocation on all compute nodes * give user security group based on function (to access some module) and project/function (to access documents) * only a project computer manager can create compute nodes * only project computer manager is assignor on compute node * need a project assignment to create a compute node * drop group security on Instance Tree * drop group security from Software Instance * project member only need Auditor role on it * add customer project assignment * remove source_administration interaction workflow on Compute Node and add follow_up instead * Software Installation: move interaction workflow from destination_section to follow_up * give role on Software Installation to Project Compute Node Manager * shadow user do not need access to Compute Node anymore * only project comp manager can create SOftware Installation * project customer can create software instance * project customer can create instance tree * project people can only view the project module * also check PAS plugins which are not supposed to be activated * drop PAS shadow user plugins * drop shadow access from compute node module * drop shadow from compute node module * drop shadow role from computer module * drop shadow role from person* portal types * drop shadow role on project module * Revert "slapos_erp5: drop PAS shadow user plugins" Needed for accounting * Revert "slapos_erp5: drop shadow role from person* portal types" * drop Modification permissions if document uses an automated ledger * source_administration is not used anymore on Compute Node * drop transfer from another Project * drop allocation_scope/open categories * drop Item_getSecurityCategoryFromMovementDestinationSection * drop Item_getSecurityCategoryFromMovementDestinationSection * drop Item_getSecurityCategoryFromMovementDestinationProject * drop Item_getSecurityCategoryFromMovementDestination * drop SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject * drop ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation * switch event/ticket roles to virtual master security * drop Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection * drop Event_getSecurityCategoryFromMovementFollowUpAggregateDestination * delete Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject * drop Item_getSecurityCategoryFromMovementAggregateDestinationProject * drop Item_getSecurityCategoryFromMovementAggregateDestinationSection * drop Item_getSecurityCategoryFromMovementAggregateDestination * drop Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection * drop SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination * drop Item_getSecurityCategoryFromMovementLineAggregateDestinationProject * drop Item_getSecurityCategoryFromMovementLineAggregateDestination * drop Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection * provide access to Compute Node Manager on Upgrade Decision * delivery/movement must use source_project instead of follow_up * delivery/movement must use source_project instead of follow_up * drop query module security * drop Compute Partition roles It must be visible by all project members * instance of the project can access compute nodes * do not make Credit Card readable * drop data set security * only accountant can create/update Account * add function local_role_group * use function local_role_group on Account * use function local_role_group on account * only accountant can read/write accounting transactions. Ledger is used as write condition * accounting period are only readable/writable by accountant * accounting period are only readable/writable by accountant * provide access on compute node to project customer/production * give read access to project production * provide access to production on software installation * switch admin to production manager in tests * no need for group/role in assignment. Use parent function too * provide access to function/production on Instance Tree * provide access to instance for function/production users * provide access to function/production* on support request * provide access to function/production on event module * provide access to regularisation request to function/production * drop roles for DMS portal types It does not seem used. * provide read/write access to function/production to Computer Network * provide access to function/is to System Event * provide access to function/is on Assignment * provide access to person module * provide read only access to project/customer on software product * provide readonly access to project/customer on software release * test set server allocation_scope to open * provide readonly access for project/customer on accounting module * provide readonly access for project/customer on compute node module * use source/destination_project on event/ticket/delivery * security for Subscription Request * production agent/manager can not create Software Instance * drop slap_add_compute_node page * drop slap_project_list page * drop drop slap_transfer_compute_node (and project_view) * drop slap_compute_node_view page
056125d1 · Romain Courteaud · 6b28c897 · 056125d1 · 056125d1 · 056125d1
Commit 056125d1 authored May 23, 2022 by Romain Courteaud
146 changed files
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
@@ -9,9 +9,9 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
+    <principal id='F-ACCOUNTING'>Author</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/bank.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/bank.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/capital.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/capital.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/coll_vat.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/coll_vat.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/equipments.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/equipments.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/inventories.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/inventories.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/payable.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/payable.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/payment_to_encash.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/payment_to_encash.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/profit_loss.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/profit_loss.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/purchase.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/purchase.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/receivable.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/receivable.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/refundable_vat.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/refundable_vat.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/sales.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/account_module/sales.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Assignor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -8,8 +8,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Assignor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-ACCOUNTING'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-CUSTOMER'>
+   <item>Auditor</item>
+  </role>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -12,15 +15,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignor</principal>
  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/slapos_pre_payment_template.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/slapos_pre_payment_template.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Assignee</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignee</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/slapos_wechat_pre_payment_template.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/slapos_wechat_pre_payment_template.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Assignee</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignee</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_contract_sale_invoice_transaction.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_contract_sale_invoice_transaction.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Assignee</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignee</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_pre_payment_subscription_sale_invoice_transaction.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_pre_payment_subscription_sale_invoice_transaction.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Assignee</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignee</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_sale_invoice_transaction.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_sale_invoice_transaction.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Assignee</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignee</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_wechat_pre_payment_subscription_sale_invoice_transaction.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module/template_wechat_pre_payment_subscription_sale_invoice_transaction.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Assignor</item>
+  <role id='F-ACCOUNTING'>
+   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Assignee</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Assignor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-ACCOUNTING'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Assignee</principal>

--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/compute_node_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/compute_node_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
-   <item>Auditor</item>
-   <item>Author</item>
-  </role>
-  <role id='R-COMPUTER'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
-  <role id='R-SHADOW-PERSON'>
+  <role id='R-COMPUTER'>
   <item>Auditor</item>
  </role>
 </local_roles>
@@ -19,16 +15,5 @@
  <local_role_group_id id='computer'>
    <principal id='R-COMPUTER'>Auditor</principal>
  </local_role_group_id>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='shadow'>
-    <principal id='R-SHADOW-PERSON'>Auditor</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_module.xml
 <local_roles_item>
 <local_roles>
+  <role id='G-COMPANY'>
+   <item>Auditor</item>
+  </role>
+  <role id='R-COMPUTER'>
+   <item>Auditor</item>
+  </role>
+  <role id='R-MEMBER'>
+   <item>Auditor</item>
+  </role>
 </local_roles>
+ <local_role_group_ids>
+  <local_role_group_id id='computer'>
+    <principal id='R-COMPUTER'>Auditor</principal>
+  </local_role_group_id>
+  <local_role_group_id id='group'>
+    <principal id='G-COMPANY'>Auditor</principal>
+  </local_role_group_id>
+  <local_role_group_id id='user'>
+    <principal id='R-MEMBER'>Auditor</principal>
+  </local_role_group_id>
+ </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_network_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/computer_network_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
@@ -13,16 +12,11 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Auditor</principal>
  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>
  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/data_set_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/data_set_module.xml
-<local_roles_item>
- <local_roles>
-  <role id='G-COMPANY'>
-   <item>Auditor</item>
-   <item>Author</item>
-  </role>
- </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
- </local_role_group_ids>
-</local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/event_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/event_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Auditor</principal>
+    <principal id='F-CUSTOMER'>Author</principal>
  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/instance_tree_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/instance_tree_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
-  <role id='R-COMPUTER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
  </role>
-  <role id='R-INSTANCE'>
+  <role id='R-COMPUTER'>
   <item>Auditor</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='R-INSTANCE'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
 </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
- </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/person_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/person_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
@@ -12,15 +11,8 @@
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Auditor</principal>
  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/project_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/project_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-COMPUTER'>
-   <item>Auditor</item>
-  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-SHADOW-PERSON'>
+  <role id='R-COMPUTER'>
   <item>Auditor</item>
  </role>
 </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='shadow'>
-    <principal id='R-SHADOW-PERSON'>Auditor</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
- </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/regularisation_request_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/regularisation_request_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Auditor</principal>
  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_installation_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_installation_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
  <role id='R-COMPUTER'>
   <item>Auditor</item>
  </role>
-  <role id='R-MEMBER'>
-   <item>Auditor</item>
-   <item>Author</item>
-  </role>
 </local_roles>
 <local_role_group_ids>
  <local_role_group_id id='computer'>
    <principal id='R-COMPUTER'>Auditor</principal>
  </local_role_group_id>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_instance_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_instance_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
-  <role id='R-COMPUTER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
  </role>
-  <role id='R-INSTANCE'>
+  <role id='R-COMPUTER'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='R-INSTANCE'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
 </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
- </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_product_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_product_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
  </role>
 </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-  </local_role_group_id>
- </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_release_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/software_release_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
-   <item>Author</item>
-  </role>
-  <role id='R-MEMBER'>
-   <item>Auditor</item>
-   <item>Author</item>
  </role>
 </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
-  </local_role_group_id>
- </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/subscription_request_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/subscription_request_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
 </local_roles>
- <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
- </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/support_request_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/support_request_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-CUSTOMER'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
-  <role id='R-MEMBER'>
+  <role id='F-PRODUCTION*'>
   <item>Auditor</item>
   <item>Author</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
-  <local_role_group_id id='user'>
-    <principal id='R-MEMBER'>Auditor</principal>
-    <principal id='R-MEMBER'>Author</principal>
+  <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Auditor</principal>
+    <principal id='F-CUSTOMER'>Author</principal>
  </local_role_group_id>
 </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/system_event_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/system_event_module.xml
 <local_roles_item>
 <local_roles>
-  <role id='G-COMPANY'>
+  <role id='F-IS*'>
   <item>Auditor</item>
-   <item>Author</item>
  </role>
  <role id='R-SHADOW-PERSON'>
   <item>Author</item>
  </role>
 </local_roles>
 <local_role_group_ids>
-  <local_role_group_id id='group'>
-    <principal id='G-COMPANY'>Auditor</principal>
-    <principal id='G-COMPANY'>Author</principal>
-  </local_role_group_id>
  <local_role_group_id id='shadow'>
    <principal id='R-SHADOW-PERSON'>Author</principal>
  </local_role_group_id>

--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputerModel_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputerModel_edit.xml
@@ -2,65 +2,76 @@
 <ZopeData>
  <record id="1" aka="AAAAAAAAAAE=">
    <pickle>
-      <global name="Interaction Workflow Interaction" module="erp5.portal_type"/>
+      <global name="Category" module="erp5.portal_type"/>
    </pickle>
    <pickle>
      <dictionary>
        <item>
-            <key> <string>categories</string> </key>
+            <key> <string>_Add_portal_content_Permission</string> </key>
            <value>
              <tuple>
-                <string>before_commit_script/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllLocalRoles</string>
+                <string>Assignor</string>
+                <string>Manager</string>
              </tuple>
            </value>
        </item>
        <item>
-            <key> <string>description</string> </key>
+            <key> <string>_Add_portal_folders_Permission</string> </key>
            <value>
-              <none/>
+              <tuple>
+                <string>Assignor</string>
+                <string>Manager</string>
+              </tuple>
            </value>
        </item>
        <item>
-            <key> <string>id</string> </key>
-            <value> <string>interaction_ComputerModel_edit</string> </value>
-        </item>
-        <item>
-            <key> <string>portal_type</string> </key>
-            <value> <string>Interaction Workflow Interaction</string> </value>
-        </item>
-        <item>
-            <key> <string>portal_type_filter</string> </key>
+            <key> <string>_Copy_or_Move_Permission</string> </key>
            <value>
              <tuple>
-                <string>Computer Model</string>
+                <string>Assignor</string>
+                <string>Manager</string>
              </tuple>
            </value>
        </item>
        <item>
-            <key> <string>portal_type_group_filter</string> </key>
+            <key> <string>_Delete_objects_Permission</string> </key>
            <value>
-              <tuple/>
+              <tuple>
+                <string>Assignor</string>
+                <string>Manager</string>
+              </tuple>
            </value>
        </item>
        <item>
-            <key> <string>temporary_document_disallowed</string> </key>
-            <value> <int>1</int> </value>
-        </item>
-        <item>
-            <key> <string>trigger_method_id</string> </key>
+            <key> <string>_Modify_portal_content_Permission</string> </key>
            <value>
              <tuple>
-                <string>_setSourceAdministration.*</string>
+                <string>Assignee</string>
+                <string>Assignor</string>
+                <string>Manager</string>
+                <string>Owner</string>
              </tuple>
            </value>
        </item>
        <item>
-            <key> <string>trigger_once_per_transaction</string> </key>
-            <value> <int>1</int> </value>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>function</string> </value>
        </item>
        <item>
-            <key> <string>trigger_type</string> </key>
-            <value> <int>2</int> </value>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Category</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value>
+              <none/>
+            </value>
        </item>
      </dictionary>
    </pickle>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account%20Module.xml
 <type_roles>
  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Accountant</property>
+   <property id='description'>Any accountant or accountant manager may create accounts and access accounts</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Person Shadow</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Account.xml
 <type_roles>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Accountant</property>
+   <property id='description'>Only the accountant can validate new accounts.</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Person Shadow</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Period.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Period.xml
 <type_roles>
  <role id='Assignor'>
-   <property id='title'>Company group</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Accountant</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml
 <type_roles>
  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Accountant</property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Assignor'>
   <property id='title'>Person Shadow</property>
@@ -17,4 +15,9 @@
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction.xml
 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Acknowledgement.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Acknowledgement.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Assignment.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Assignment.xml
 <type_roles>
-  <role id='Auditor; Assignor'>
-   <property id='title'>Company group</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor'>
+   <property id='title'>Information System</property>
+   <property id='description'>XXX local role group</property>
+   <multi_property id='category'>function/is*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Balance%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Balance%20Transaction.xml
 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Compute%20Node%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Compute%20Node%20Module.xml
@@ -5,22 +5,14 @@
   <multi_property id='category'>role/computer</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Auditor; Author'>
+  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Person Shadow</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+  <role id='Auditor; Author'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Compute%20Node.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Compute%20Node.xml
 <type_roles>
  <role id='Auditor'>
-   <property id='title'>Allocation scope</property>
-   <property id='condition'>python: here.getAllocationScope('').startswith('open')</property>
-   <property id='base_category_script'>ComputeNode_getSecurityCategoryFromAllocationScope</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='base_category'>aggregate</multi_property>
+   <property id='title'>Project Customer</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
  <role id='Assignee'>
-   <property id='title'>Compute Node Agent</property>
-   <property id='description'>Monovalued role</property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>source_administration</multi_property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
  <role id='Assignor'>
   <property id='title'>Self Compute Node</property>
@@ -38,4 +30,11 @@
   <multi_property id='categories'>local_role_group/computer</multi_property>
   <multi_property id='base_category'>destination_decision</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Software Instance</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>role/instance</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Compute%20Partition.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Compute%20Partition.xml
-<type_roles>
-  <role id='Auditor'>
-   <property id='title'>Customer of the partition</property>
-   <property id='condition'>python: here.getSlapState() == "busy"</property>
-   <property id='base_category_script'>ComputePartition_getSecurityCategoryFromUser</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
-  </role>
-  <role id='Auditor'>
-   <property id='title'>Software Instance group related to Compute Partition</property>
-   <property id='condition'>python: here.getSlapState() == "busy"</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAggregateRelatedSoftwareInstanceInstanceTree</property>
-   <multi_property id='categories'>local_role_group/subscription</multi_property>
-   <multi_property id='base_category'>aggregate</multi_property>
-  </role>
-</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Module.xml
@@ -17,10 +17,4 @@
   <multi_property id='category'>role/member</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Person Shadow</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
 <type_roles>
-  <role id='Auditor; Author'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Auditor; Author'>
+  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Person Shadow</property>
@@ -17,4 +11,9 @@
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor; Author'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Person Owner</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>source_administration</multi_property>
-  </role>
  <role id='Auditor'>
   <property id='title'>Person Shadow</property>
   <multi_property id='categories'>local_role_group/shadow</multi_property>
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Project Customer</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Credit%20Card.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Credit%20Card.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Data%20Set%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Data%20Set%20Module.xml
-<type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Data%20Set.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Data%20Set.xml
-<type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Event%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Event%20Module.xml
 <type_roles>
  <role id='Auditor; Author'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Member</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor; Author'>
-   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Fax%20Message.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Fax%20Message.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Incident%20Response.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Incident%20Response.xml
 <type_roles>
  <role id='Assignor'>
-   <property id='title'>Company group</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Project Compute Node Manager</property>
+   <property id='description'>XXX project local role group</property>
+   <property id='condition'>python: context.getSourceProject("", portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/computer/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Instance%20Tree%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Instance%20Tree%20Module.xml
@@ -4,21 +4,19 @@
   <multi_property id='category'>role/computer</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Author; Auditor'>
-   <property id='title'>Group Company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Auditor'>
   <property id='title'>Instance</property>
   <multi_property id='category'>role/instance</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Auditor; Author'>
-   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Project Customer</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Instance%20Tree.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Instance%20Tree.xml
@@ -5,23 +5,21 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_section</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group Company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
-  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
  <role id='Assignee'>
   <property id='title'>Related Software Instance Group</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Letter.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Letter.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Mail%20Message.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Mail%20Message.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Note.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Note.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Open%20Sale%20Order.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Open%20Sale%20Order.xml
 <type_roles>
  <role id='Assignor'>
   <property id='title'>Group company</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
   <multi_property id='categories'>local_role_group/group</multi_property>
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Assignee'>
   <property id='title'>Person Shadow</property>
   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property>
@@ -12,6 +6,13 @@
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>Shadow User</property>
   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
@@ -21,9 +22,16 @@
  </role>
  <role id='Auditor'>
   <property id='title'>User</property>
-   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
+   <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != '') and (context.getLedger("") == "automated")</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_section</multi_property>
  </role>
+  <role id='Assignor'>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payzen%20Event.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payzen%20Event.xml
 <type_roles>
  <role id='Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Information System</property>
+   <property id='description'>XXX local role group</property>
+   <multi_property id='category'>function/is*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Assignee'>
   <property id='title'>Shadow User</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person%20Module.xml
 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Person Shadow</property>
@@ -17,4 +10,9 @@
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Phone%20Call.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Phone%20Call.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project%20Module.xml
@@ -4,22 +4,16 @@
   <multi_property id='category'>role/computer</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Auditor; Author'>
-   <property id='title'>Customer</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor'>
+   <property id='title'>Project Compute Node Manager</property>
+   <property id='description'>XXX TODO
+add local roles group</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor'>
-   <property id='title'>Person Shadow</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Project Customer</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Person Owner</property>
-   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>destination_decision</multi_property>
-  </role>
  <role id='Auditor'>
-   <property id='title'>Person Shadow</property>
-   <multi_property id='categories'>local_role_group/shadow</multi_property>
-   <multi_property id='category'>role/shadow/person</multi_property>
-   <multi_property id='base_category'>role</multi_property>
-  </role>
-  <role id='Assignee'>
   <property id='title'>Project Member</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
   <multi_property id='categories'>local_role_group/project</multi_property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Purchase%20Invoice%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Purchase%20Invoice%20Transaction.xml
 <type_roles>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Query.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Query.xml
-<type_roles>
-</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Regularisation%20Request%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Regularisation%20Request%20Module.xml
 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Auditor'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Regularisation%20Request.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Regularisation%20Request.xml
@@ -6,11 +6,21 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_decision</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
+  </role>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Member can see template</property>
@@ -19,4 +29,20 @@
   <multi_property id='category'>role/member</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Assignee'>
   <property id='title'>Person Shadow</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
   <multi_property id='categories'>local_role_group/shadow</multi_property>
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>ReadOnly for Accountant</property>
+   <property id='condition'>python: context.getLedger("") == "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>User</property>
-   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
+   <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != '') and (context.getLedger("") == "automated")</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_section</multi_property>
  </role>
+  <role id='Assignor'>
+   <property id='title'>Writable for Accountant</property>
+   <property id='condition'>python: context.getLedger("") != "automated"</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/accounting</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Short%20Message.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Short%20Message.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Site%20Message.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Site%20Message.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Slave%20Instance.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Slave%20Instance.xml
@@ -11,12 +11,6 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_section</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Assignee'>
   <property id='title'>Instance related by Instance Tree</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
@@ -24,16 +18,20 @@
   <multi_property id='base_category'>specialise</multi_property>
  </role>
  <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='base_category_script'>SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
-  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
  <role id='Assignor'>
   <property id='title'>Software Instance which provides this Slave Instance</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Installation%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Installation%20Module.xml
@@ -5,16 +5,11 @@
   <multi_property id='category'>role/computer</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Auditor; Author'>
-   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Project Production</property>
+   <property id='description'>XXX TODO
+add local roles group</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Installation.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Installation.xml
@@ -5,28 +5,20 @@
   <multi_property id='categories'>local_role_group/computer</multi_property>
   <multi_property id='base_category'>aggregate</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementAggregateDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
-  </role>
  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX project local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
-  <role id='Assignee'>
-   <property id='title'>Provider of the Installation</property>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX project local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Instance%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Instance%20Module.xml
@@ -4,21 +4,19 @@
   <multi_property id='category'>role/computer</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Auditor; Author'>
   <property id='title'>Instance</property>
   <multi_property id='category'>role/instance</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
  <role id='Auditor; Author'>
-   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Project Customer</property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Instance.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Instance.xml
@@ -11,12 +11,6 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_section</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Assignee'>
   <property id='title'>Instance related by Instance Tree</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
@@ -24,15 +18,19 @@
   <multi_property id='base_category'>specialise</multi_property>
  </role>
  <role id='Assignee'>
-   <property id='title'>Organisation Member</property>
-   <property id='base_category_script'>SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+   <property id='title'>Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
-  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getFollowUp("") != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Product%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Product%20Module.xml
 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Product.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Product.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Release%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Release%20Module.xml
 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-  <role id='Auditor; Author'>
+  <role id='Auditor'>
   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Release.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Software%20Release.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Subscription%20Request%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Subscription%20Request%20Module.xml
 <type_roles>
-  <role id='Auditor; Author'>
-   <property id='title'>Company group</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Subscription%20Request.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Subscription%20Request.xml
 <type_roles>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
+  </role>
  <role id='Assignor'>
-   <property id='title'>Company group</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Support%20Request%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Support%20Request%20Module.xml
 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor; Author'>
+   <property id='title'>Production</property>
+   <multi_property id='category'>function/production*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor; Author'>
-   <property id='title'>Member</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='category'>role/member</multi_property>
-   <multi_property id='base_category'>role</multi_property>
+   <property id='title'>Project Customer</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Support%20Request.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Support%20Request.xml
@@ -6,11 +6,21 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>destination_decision</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
+  </role>
  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
  <role id='Auditor'>
   <property id='title'>Member can see template</property>
@@ -19,22 +29,20 @@
   <multi_property id='category'>role/member</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
-  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/System%20Event%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/System%20Event%20Module.xml
 <type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Auditor'>
+   <property id='title'>Information System</property>
+   <property id='description'>XXX local role group</property>
+   <multi_property id='category'>function/is*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Author'>
   <property id='title'>Person Shadow</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Upgrade%20Decision%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Upgrade%20Decision%20Module.xml
 <type_roles>
  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
+   <property id='title'>Compute Node Manager</property>
+   <property id='description'>XXX TODO
+add local roles group</property>
   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <multi_property id='category'>function/computer/manager</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Auditor; Author'>
   <property id='title'>Member</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Upgrade%20Decision.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Upgrade%20Decision.xml
 <type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
  <role id='Assignee'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Assignee'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementLineAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
  <role id='Assignee'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Item_getSecurityCategoryFromMovementLineAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
  <role id='Assignee'>
   <property id='title'>User</property>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Visit.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Visit.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Message.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Message.xml
@@ -15,28 +15,36 @@
   <multi_property id='categories'>local_role_group/user</multi_property>
   <multi_property id='base_category'>source</multi_property>
  </role>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Destination Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (Compute Node)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination_section</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Destination Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getDestinationProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>destination_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Organisation Member (HS)</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestination</property>
-   <multi_property id='categories'>local_role_group/organisation</multi_property>
-   <multi_property id='base_category'>destination</multi_property>
+  <role id='Assignee'>
+   <property id='title'>Source Project Production Agent</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
-  <role id='Auditor'>
-   <property id='title'>Project Member</property>
-   <property id='base_category_script'>Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject</property>
-   <multi_property id='categories'>local_role_group/project</multi_property>
-   <multi_property id='base_category'>destination_project</multi_property>
+  <role id='Assignor'>
+   <property id='title'>Source Project Production Manager</property>
+   <property id='description'>XXX add local role group</property>
+   <property id='condition'>python: context.getSourceProject('', portal_type='Project') != ""</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
  </role>
 </type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Page%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Page%20Module.xml
-<type_roles>
-  <role id='Author; Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Page.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Web%20Page.xml
-<type_roles>
-  <role id='Assignor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
-  </role>
-</type_roles>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Wechat%20Event.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Wechat%20Event.xml
 <type_roles>
  <role id='Auditor'>
-   <property id='title'>Group company</property>
-   <multi_property id='categories'>local_role_group/group</multi_property>
-   <multi_property id='category'>group/company</multi_property>
-   <multi_property id='base_category'>group</multi_property>
+   <property id='title'>Information System</property>
+   <property id='description'>XXX local role group</property>
+   <multi_property id='category'>function/is*</multi_property>
+   <multi_property id='base_category'>function</multi_property>
  </role>
  <role id='Assignee'>
   <property id='title'>Shadow User</property>

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_base/WebSection_getHostingJSPrecacheManifestList.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_base/WebSection_getHostingJSPrecacheManifestList.py
@@ -12,8 +12,6 @@ url_list = [
  "gadget_slapos_login_page.css",
  "gadget_erp5_page_slap_accept_upgrade_decision.html",
  "gadget_erp5_page_slap_accept_upgrade_decision.js",
-  "gadget_erp5_page_slap_add_compute_node.html",
-  "gadget_erp5_page_slap_add_compute_node.js",
  "gadget_erp5_page_slap_add_instance_tree.html",
  "gadget_erp5_page_slap_add_instance_tree.js",
  "gadget_erp5_page_slap_add_network.html",
@@ -56,8 +54,6 @@ url_list = [
  "gadget_erp5_page_slap_compute_node_request_certificate.js",
  "gadget_erp5_page_slap_compute_node_revoke_certificate.html",
  "gadget_erp5_page_slap_compute_node_revoke_certificate.js",
-  "gadget_erp5_page_slap_compute_node_view.html",
-  "gadget_erp5_page_slap_compute_node_view.js",
  "gadget_erp5_page_slap_cloud_contract_view.js",
  "gadget_erp5_page_slap_cloud_contract_view.html",
  "gadget_erp5_page_slap_request_contract_activation.js",
@@ -105,10 +101,6 @@ url_list = [
  "gadget_erp5_page_slap_person_request_certificate.js",
  "gadget_erp5_page_slap_person_view.html",
  "gadget_erp5_page_slap_person_view.js",
-  "gadget_erp5_page_slap_project_list.html",
-  "gadget_erp5_page_slap_project_list.js",
-  "gadget_erp5_page_slap_project_view.html",
-  "gadget_erp5_page_slap_project_view.js",
  "gadget_erp5_page_slap_regularisation_request_view.html",
  "gadget_erp5_page_slap_regularisation_request_view.js",
  "gadget_erp5_page_slap_rss_ticket.html",
@@ -138,8 +130,6 @@ url_list = [
  "gadget_erp5_page_slap_ticket_list.html",
  "gadget_erp5_page_slap_ticket_list.js",
  "gadget_erp5_page_slap_ticket_view.js",
-  "gadget_erp5_page_slap_transfer_compute_node.html",
-  "gadget_erp5_page_slap_transfer_compute_node.js",
  "gadget_erp5_page_slap_transfer_instance_tree.html",
  "gadget_erp5_page_slap_transfer_instance_tree.js",
  "gadget_erp5_page_slap_transfer_computer_network.html",

--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputeNode_getSecurityCategoryFromAllocationScope.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputeNode_getSecurityCategoryFromAllocationScope.xml
-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_bind_names</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="_reconstructor" module="copy_reg"/>
-                </klass>
-                <tuple>
-                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
-                  <global name="object" module="__builtin__"/>
-                  <none/>
-                </tuple>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>_asgns</string> </key>
-                        <value>
-                          <dictionary>
-                            <item>
-                                <key> <string>name_container</string> </key>
-                                <value> <string>container</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_context</string> </key>
-                                <value> <string>context</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_m_self</string> </key>
-                                <value> <string>script</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_subpath</string> </key>
-                                <value> <string>traverse_subpath</string> </value>
-                            </item>
-                          </dictionary>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>_params</string> </key>
-            <value> <string>base_category_list, user_name, obj, portal_type</string> </value>
-        </item>
-        <item>
-            <key> <string>_proxy_roles</string> </key>
-            <value>
-              <tuple>
-                <string>Manager</string>
-              </tuple>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>ComputeNode_getSecurityCategoryFromAllocationScope</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputeNode_getSecurityCategoryFromAllocationScope.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputeNode_getSecurityCategoryFromAllocationScope.py
@@ -13,12 +13,7 @@ if obj is None:

 compute_node = obj

-category_list = []
-
-scope = compute_node.getAllocationScope()
-if scope == 'open/public':
-  return {"Auditor": ["R-SHADOW-PERSON"]}
-elif scope == 'open/subscription':
+if compute_node.getValidationState() == 'validated':
  return {"Auditor": ["R-SHADOW-PERSON"]}

-return category_list
+return []
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputePartition_getSecurityCategoryFromUser.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputePartition_getSecurityCategoryFromUser.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputePartition_getSecurityCategoryFromUser.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ComputePartition_getSecurityCategoryFromUser.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAggregateRelatedSoftwareInstanceInstanceTree.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAggregateRelatedSoftwareInstanceInstanceTree.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAggregateRelatedSoftwareInstanceInstanceTree.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAggregateRelatedSoftwareInstanceInstanceTree.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromAssignmentDestinationClientOrganisation.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryMapping.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryMapping.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestination.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestination.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestination.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestination.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateDestinationProject.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateComputeNodeDestinationSection.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestination.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestination.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestination.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestination.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationProject.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationProject.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationProject.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationProject.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationSection.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationSection.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationSection.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementAggregateDestinationSection.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestination.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestination.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestination.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestination.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationProject.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationProject.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationProject.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationProject.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementDestinationSection.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateComputeNodeDestinationSection.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestination.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestination.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestination.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestination.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestinationProject.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestinationProject.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestinationProject.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/Item_getSecurityCategoryFromMovementLineAggregateDestinationProject.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestination.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject.py
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/SoftwareInstance_getSecurityCategoryFromMovementSpecialiseDestinationProject.xml
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkSlapOSPASConsistency.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkSlapOSPASConsistency.py
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5DefaultScenario.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5DefaultScenario.py
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputerNetwork_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputerNetwork_edit.xml
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_InternalPackingListLine_setAggregate.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_InternalPackingListLine_setAggregate.xml
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_SoftwareInstallation_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_SoftwareInstallation_edit.xml
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_InternalPackingListLine_updateAggregateLocalRoles.py
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_InternalPackingListLine_updateAggregateLocalRoles.py
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_InternalPackingListLine_updateAggregateLocalRoles.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_InternalPackingListLine_updateAggregateLocalRoles.xml
--- a/master/bt5/slapos_erp5/bt/template_local_role_list
+++ b/master/bt5/slapos_erp5/bt/template_local_role_list
--- a/master/bt5/slapos_erp5/bt/template_portal_type_role_list
+++ b/master/bt5/slapos_erp5/bt/template_portal_type_role_list