diff --git a/config/module.config.php b/config/module.config.php
index 7012282367ed50aa13c7337227640ba227d07e71..faea79ffc40461e929fef73295e94cf7608aa3a8 100644
--- a/config/module.config.php
+++ b/config/module.config.php
@@ -494,7 +494,7 @@ return [
 
             'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
             'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
-            \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class,
+            \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
         ],
         'lazy_services' => [
             // Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
diff --git a/data/schema_postgresql.sql b/data/schema_postgresql.sql
index 8e88b34ec8ac39b3f371591d9e16689145287de9..ccef50c1781f542d6d5e6a83f37dae472f143ba4 100644
--- a/data/schema_postgresql.sql
+++ b/data/schema_postgresql.sql
@@ -18,7 +18,7 @@ CREATE TABLE user_role (
   is_default SMALLINT NOT NULL DEFAULT 0,
   parent_id BIGINT DEFAULT NULL,
   ldap_filter varchar(255) DEFAULT NULL,
-  accessible_exterieur SMALLINT NOT NULL DEFAULT 1,
+  accessible_exterieur BOOLEAN NOT NULL DEFAULT true,
   FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
 );
 CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
diff --git a/src/UnicaenAuth/Form/Droits/RoleForm.php b/src/UnicaenAuth/Form/Droits/RoleForm.php
index 5fa88804700e8604f555e031c57386d81584a68b..8cf37e928ae19b332cc7e88acea4353a7d26e94f 100644
--- a/src/UnicaenAuth/Form/Droits/RoleForm.php
+++ b/src/UnicaenAuth/Form/Droits/RoleForm.php
@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
             ],
         ]);
 
+        $this->add([
+            'type' => 'Checkbox',
+            'name' => 'accessible-exterieur',
+            'options' => [
+                'label' => 'Accessible de l\'extérieur',
+                'checked_value' => '1',
+                'unchecked_value' => '0',
+            ],
+        ]);
+
         $this->add([
             'name' => 'id',
             'type' => 'Hidden',
@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
             'parent' => [
                 'required' => false,
             ],
+            'accessible-exterieur' => [
+                'required' => true,
+            ],
         ];
     }
 }
@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface
         $object->setRoleId($data['role-id']);
         $object->setLdapFilter($data['ldap-filter'] ?: null);
         $object->setParent($this->getServiceRole()->get($data['parent']));
+        $object->setAccessibleExterieur($data['accessible-exterieur'] == '1');
 
         return $object;
     }
@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface
             'role-id'     => $object->getRoleId(),
             'ldap-filter' => $object->getLdapFilter(),
             'parent'      => $object->getParent() ? $object->getParent()->getId() : null,
+            'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0',
         ];
 
         return $data;
diff --git a/src/UnicaenAuth/Provider/Identity/Db.php b/src/UnicaenAuth/Provider/Identity/Db.php
index cb92485e2cb12198ee7120d4922cdffc7959e54b..bd7e7d50043cf580a18eeb1b96138e8b76beea06 100644
--- a/src/UnicaenAuth/Provider/Identity/Db.php
+++ b/src/UnicaenAuth/Provider/Identity/Db.php
@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity;
 use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider;
 use BjyAuthorize\Provider\Role\ProviderInterface;
 use UnicaenApp\Entity\Ldap\People;
+use UnicaenApp\HostLocalization\HostLocalizationAwareTrait;
 use UnicaenAuth\Entity\Db\AbstractRole;
 use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
 use Zend\Ldap\Ldap;
@@ -23,12 +24,19 @@ use Traversable;
 class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface
 {
     use RoleServiceAwareTrait;
+    use HostLocalizationAwareTrait;
+
 
     /**
      * @var Ldap
      */
     private $ldap;
 
+    /**
+     * @var
+     */
+    private $detectionContexteExecution;
+
 
 
     /**
@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B
             }
         }
 
+        $inEtablissement = $this->getHostLocalization()->inEtablissement();
+        if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles
+            foreach ($roles as $i => $role) {
+                if ($role instanceof AbstractRole) {
+                    if (!$role->getAccessibleExterieur()) unset($roles[$i]);
+                }
+            }
+        }
+
         return $roles;
     }
 
diff --git a/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php b/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
index 4ce3d5c8fa5685fa74539c157e518d808f777f77..332ab57dcca4d43ea9ff114ba1709e3d5f668023 100644
--- a/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
+++ b/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface
     {
         $user             = $container->get('zfcuser_user_service');
         $identityProvider = new Db($user->getAuthService());
+        $identityProvider->setHostLocalization($container->get('HostLocalization'));
 
         $unicaenAppOptions = $container->get('unicaen-app_module_options');
         /* @var $unicaenAppOptions ModuleOptions */
diff --git a/view/unicaen-auth/droits/role-edition.phtml b/view/unicaen-auth/droits/role-edition.phtml
index e7699d422c69ab4815f80eb41cb04da64706147a..04965b336e8e953ef3d43b4dd251e0117c418d71 100644
--- a/view/unicaen-auth/droits/role-edition.phtml
+++ b/view/unicaen-auth/droits/role-edition.phtml
@@ -13,7 +13,9 @@ if ($errors) {
 echo $this->formControlGroup($form->get('role-id'));
 echo $this->formControlGroup($form->get('parent'));
 echo $this->formControlGroup($form->get('ldap-filter'));
+echo $this->formControlGroup($form->get('accessible-exterieur'));
 echo $this->formRow($form->get('submit'));
+
 echo $this->formHidden($form->get('id'));
 
 echo $this->form()->closeTag();
\ No newline at end of file
diff --git a/view/unicaen-auth/droits/roles.phtml b/view/unicaen-auth/droits/roles.phtml
index ed85487cd53eff421b4fcc818b7620b4970301e9..e511f9da1d00f72509fa9557fc780906a85032c3 100644
--- a/view/unicaen-auth/droits/roles.phtml
+++ b/view/unicaen-auth/droits/roles.phtml
@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
         <th>Nom</th>
         <th>Parent</th>
         <th>Filtre LDAP</th>
+        <th>Accessible de l'extérieur</th>
         <?php if ($canEdit): ?><th>Action</th><?php endif; ?>
     </tr>
 <?php foreach( $roles as $role ):
@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
         <td><?php echo $role->getRoleId(); ?></td>
         <td><?php echo $role->getParent(); ?></td>
         <td><?php echo $role->getLdapFilter(); ?></td>
+        <td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td>
         <?php if ($canEdit): ?>
         <td style="width:1%;white-space: nowrap;text-align: center">
             <a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a>