--- a/src/pyams_content/shared/common/security.py	Wed Apr 11 16:46:31 2018 +0200
+++ b/src/pyams_content/shared/common/security.py	Thu Apr 12 16:41:09 2018 +0200
@@ -22,7 +22,7 @@
 
 # import packages
 from persistent import Persistent
-from pyams_security.interfaces import IPrincipalInfo, IRevokedRoleEvent
+from pyams_security.interfaces import IPrincipalInfo, IRevokedRoleEvent, IGrantedRoleEvent
 from pyams_utils.adapter import adapter_config, ContextAdapter
 from pyams_utils.request import check_request
 from pyams_utils.traversing import get_parent
@@ -94,13 +94,22 @@
             del restrictions_folder[principal]
 
 
-@subscriber(IRevokedRoleEvent)
+@subscriber(IGrantedRoleEvent, role_selector=MANAGER_ROLE)
+def handle_added_manager_role(event):
+    """Handle added manager role"""
+    shared_tool = event.object.__parent__
+    manager_restrictions = IManagerRestrictions(shared_tool, None)
+    if manager_restrictions:
+        restrictions = IManagerRestrictionsFactory(shared_tool)(event.principal_id)
+        manager_restrictions.set_restrictions(event.principal_id, restrictions)
+
+
+@subscriber(IRevokedRoleEvent, role_selector=MANAGER_ROLE)
 def handle_revoked_manager_role(event):
     """Handle revoked manager role"""
-    if event.role_id == MANAGER_ROLE:
-        restrictions = IManagerRestrictions(event.object.__parent__, None)
-        if restrictions:
-            restrictions.drop_restrictions(event.principal_id)
+    restrictions = IManagerRestrictions(event.object.__parent__, None)
+    if restrictions:
+        restrictions.drop_restrictions(event.principal_id)
 
 
 @adapter_config(context=IWfSharedContent, provides=IManagerRestrictions)