--- a/src/pyams_thesaurus/__init__.py	Mon Jun 11 16:11:07 2018 +0200
+++ b/src/pyams_thesaurus/__init__.py	Tue Jun 26 15:10:29 2018 +0200
@@ -16,14 +16,16 @@
 from pyramid.i18n import TranslationStringFactory
 _ = TranslationStringFactory('pyams_thesaurus')
 
-from pyams_thesaurus.interfaces import CREATE_THESAURUS_PERMISSION, ADMIN_THESAURUS_PERMISSION, \
-    MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION
-from pyams_utils.interfaces import VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION
-
 
 def includeme(config):
     """Pyramid include"""
 
+    from pyams_security.interfaces import SYSTEM_ADMIN_ROLE, ADMIN_USER_ID
+    from pyams_thesaurus.interfaces import CREATE_THESAURUS_PERMISSION, ADMIN_THESAURUS_PERMISSION, \
+        MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION, THESAURUS_ADMIN_ROLE, \
+        THESAURUS_MANAGER_ROLE, THESAURUS_EXTRACT_MANAGER_ROLE
+    from pyams_utils.interfaces import VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION
+
     from .include import include_package
     include_package(config)
 
@@ -38,19 +40,24 @@
                                 'title': _("Manage thesaurus extract")})
 
     # register custom roles
-    config.register_role({'id': 'thesaurus.Admin',
+    config.register_role({'id': THESAURUS_ADMIN_ROLE,
                           'title': _("Thesaurus administrator (role)"),
                           'permissions': {ADMIN_THESAURUS_PERMISSION, MANAGE_THESAURUS_CONTENT_PERMISSION,
                                           MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                           VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION},
-                          'managers': {'system:admin', 'role:system.Manager'}})
-    config.register_role({'id': 'thesaurus.Manager',
+                          'managers': {ADMIN_USER_ID,
+                                       'role:{0}'.format(SYSTEM_ADMIN_ROLE)}})
+    config.register_role({'id': THESAURUS_MANAGER_ROLE,
                           'title': _("Thesaurus content manager (role)"),
                           'permissions': {MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                           VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION},
-                          'managers': {'system:admin', 'role:system.Manager', 'role:thesaurus.Admin'}})
-    config.register_role({'id': 'thesaurus.ExtractManager',
+                          'managers': {ADMIN_USER_ID,
+                                       'role:{0}'.format(SYSTEM_ADMIN_ROLE),
+                                       'role:{0}'.format(THESAURUS_ADMIN_ROLE)}})
+    config.register_role({'id': THESAURUS_EXTRACT_MANAGER_ROLE,
                           'title': _("Thesaurus extract manager (role)"),
                           'permissions': {MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                           VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION},
-                          'managers': {'system:admin', 'role:system.Manager', 'role:thesaurus.Admin'}})
+                          'managers': {ADMIN_USER_ID,
+                                       'role:{0}'.format(SYSTEM_ADMIN_ROLE),
+                                       'role:{0}'.format(THESAURUS_ADMIN_ROLE)}})

--- a/src/pyams_thesaurus/interfaces/__init__.py	Mon Jun 11 16:11:07 2018 +0200
+++ b/src/pyams_thesaurus/interfaces/__init__.py	Tue Jun 26 15:10:29 2018 +0200
@@ -31,3 +31,15 @@
 
 MANAGE_THESAURUS_EXTRACT_PERMISSION = 'pyams.ManageThesaurusExtract'
 '''Permission to manage thesaurus extract contents'''
+
+
+THESAURUS_ADMIN_ROLE = 'thesaurus.Admin'
+'''Thesaurus admin is allowed to manage all thesaurus properties'''
+
+
+THESAURUS_MANAGER_ROLE = 'thesaurus.Manager'
+'''Thesaurus manager is allowed to manage thesaurus terms and extracts'''
+
+
+THESAURUS_EXTRACT_MANAGER_ROLE = 'thesaurus.ExtractManager'
+'''Thesaurus extract manager is allowed to manager content of a thesaurus extract'''