diff --git a/migration/i9/oracle/202202041530_IDEMPIERE-5180.sql b/migration/i9/oracle/202202041530_IDEMPIERE-5180.sql
new file mode 100644
index 0000000000..5b6e2b6985
--- /dev/null
+++ b/migration/i9/oracle/202202041530_IDEMPIERE-5180.sql
@@ -0,0 +1,30 @@
+SET SQLBLANKLINES ON
+SET DEFINE OFF
+
+-- IDEMPIERE-5180
+-- Feb 5, 2022, 10:01:05 AM CET
+INSERT INTO AD_Val_Rule (AD_Val_Rule_ID,Name,Description,Type,Code,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,EntityType,AD_Val_Rule_UU) VALUES (200153,'AD_Role of Client - Not manual only','Not manual roles of current client','S','AD_Role.AD_Client_ID=@#AD_Client_ID@ AND AD_Role.IsManual=''N''',0,0,'Y',TO_DATE('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,TO_DATE('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,'D','c79f3aa1-27ec-429f-b8e9-72b7ddc95dc2')
+;
+
+-- Feb 5, 2022, 10:01:16 AM CET
+UPDATE AD_Process_Para SET AD_Val_Rule_ID=200153,Updated=TO_DATE('2022-02-05 10:01:16','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_Para_ID=539
+;
+
+-- Feb 8, 2022, 8:25:06 AM CET
+UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual.',Updated=TO_DATE('2022-02-08 08:25:06','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
+;
+
+-- Feb 8, 2022, 1:24:16 PM CET
+DELETE  FROM  AD_Process_Para_Trl WHERE AD_Process_Para_ID=538
+;
+
+-- Feb 8, 2022, 1:24:16 PM CET
+DELETE FROM AD_Process_Para WHERE AD_Process_Para_ID=538
+;
+
+-- Feb 8, 2022, 1:25:37 PM CET
+UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual. Note that if is executed from System client and role is not set, all tenant will be udpated',Updated=TO_DATE('2022-02-08 13:25:37','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
+;
+
+SELECT register_migration_script('202202041530_IDEMPIERE-5180.sql') FROM dual
+;
diff --git a/migration/i9/postgresql/202202041530_IDEMPIERE-5180.sql b/migration/i9/postgresql/202202041530_IDEMPIERE-5180.sql
new file mode 100644
index 0000000000..85f4cf048f
--- /dev/null
+++ b/migration/i9/postgresql/202202041530_IDEMPIERE-5180.sql
@@ -0,0 +1,27 @@
+-- IDEMPIERE-5180
+-- Feb 5, 2022, 10:01:05 AM CET
+INSERT INTO AD_Val_Rule (AD_Val_Rule_ID,Name,Description,Type,Code,AD_Client_ID,AD_Org_ID,IsActive,Created,CreatedBy,Updated,UpdatedBy,EntityType,AD_Val_Rule_UU) VALUES (200153,'AD_Role of Client - Not manual only','Not manual roles of current client','S','AD_Role.AD_Client_ID=@#AD_Client_ID@ AND AD_Role.IsManual=''N''',0,0,'Y',TO_TIMESTAMP('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,TO_TIMESTAMP('2022-02-05 10:01:05','YYYY-MM-DD HH24:MI:SS'),0,'D','c79f3aa1-27ec-429f-b8e9-72b7ddc95dc2')
+;
+
+-- Feb 5, 2022, 10:01:16 AM CET
+UPDATE AD_Process_Para SET AD_Val_Rule_ID=200153,Updated=TO_TIMESTAMP('2022-02-05 10:01:16','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_Para_ID=539
+;
+
+-- Feb 8, 2022, 8:25:06 AM CET
+UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual.',Updated=TO_TIMESTAMP('2022-02-08 08:25:06','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
+;
+
+-- Feb 8, 2022, 1:24:16 PM CET
+DELETE FROM AD_Process_Para_Trl WHERE AD_Process_Para_ID=538
+;
+
+-- Feb 8, 2022, 1:24:16 PM CET
+DELETE FROM AD_Process_Para WHERE AD_Process_Para_ID=538
+;
+
+-- Feb 8, 2022, 1:25:37 PM CET
+UPDATE AD_Process SET Help='Update the access rights of a role or all roles of a client to windows, forms, processes and workflows. Note that a role is only updated if it is not marked as manual. Note that if is executed from System client and role is not set, all tenant will be udpated',Updated=TO_TIMESTAMP('2022-02-08 13:25:37','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=0 WHERE AD_Process_ID=295
+;
+
+SELECT register_migration_script('202202041530_IDEMPIERE-5180.sql') FROM dual
+;
diff --git a/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java b/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
index bc54220540..70146629e8 100644
--- a/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
+++ b/org.adempiere.base.process/src/org/compiere/process/RoleAccessUpdate.java
@@ -21,6 +21,7 @@ import java.util.List;
 import java.util.logging.Level;
 
 import org.compiere.Adempiere;
+import org.compiere.model.MClient;
 import org.compiere.model.MRole;
 import org.compiere.model.Query;
 import org.compiere.model.SystemIDs;
@@ -38,7 +39,7 @@ import org.compiere.util.Env;
  * 		<li>BF [ 3018005 ] Role Access Update: updates all roles if I log in as System
  * 			https://sourceforge.net/p/adempiere/bugs/2437/
  */
-@org.adempiere.base.annotation.Process
+@org.adempiere.base.annotation.Process
 public class RoleAccessUpdate extends SvrProcess
 {
 	/**	Static Logger	*/
@@ -46,12 +47,9 @@ public class RoleAccessUpdate extends SvrProcess
 	
 	/**	Update Role				*/
 	private int	p_AD_Role_ID = -1;
-	/**	Update Roles of Client	*/
-	private int	p_AD_Client_ID = -1;
 	/** Reset Existing Access */
 	private boolean p_IsReset = true;
-	
-	
+
 	/**
 	 * 	Prepare
 	 */
@@ -65,8 +63,6 @@ public class RoleAccessUpdate extends SvrProcess
 				;
 			else if (name.equals("AD_Role_ID"))
 				p_AD_Role_ID = para[i].getParameterAsInt();
-			else if (name.equals("AD_Client_ID"))
-				p_AD_Client_ID = para[i].getParameterAsInt();
 			else if (name.equals("ResetAccess"))
 				p_IsReset = "Y".equals(para[i].getParameter());
 			else
@@ -81,7 +77,7 @@ public class RoleAccessUpdate extends SvrProcess
 	 */
 	protected String doIt () throws Exception
 	{
-		if (log.isLoggable(Level.INFO)) log.info("AD_Client_ID=" + p_AD_Client_ID + ", AD_Role_ID=" + p_AD_Role_ID);
+		if (log.isLoggable(Level.INFO)) log.info("AD_Role_ID=" + p_AD_Role_ID);
 		//
 		if (p_AD_Role_ID > 0)
 			updateRole (new MRole (getCtx(), p_AD_Role_ID, get_TrxName()));
@@ -89,21 +85,16 @@ public class RoleAccessUpdate extends SvrProcess
 		{
 			List<Object> params = new ArrayList<Object>();
 			StringBuilder whereClause = new StringBuilder("1=1");
-			if (p_AD_Client_ID > 0)
-			{
-				whereClause.append(" AND AD_Client_ID=? ");
-				params.add(p_AD_Client_ID);
-			}
 			if (p_AD_Role_ID == SystemIDs.ROLE_SYSTEM) // System Role
 			{
 				whereClause.append(" AND AD_Role_ID=?");
 				params.add(p_AD_Role_ID);
 			}
-			//sql += "ORDER BY AD_Client_ID, Name";
-			
+
 			List<MRole> roles = new Query(getCtx(), MRole.Table_Name, whereClause.toString(), get_TrxName())
 			.setOnlyActiveRecords(true)
 			.setParameters(params)
+			.setClient_ID(getAD_Client_ID() > 0) // to avoid Cross tenant PO reading if running from a client > 0 with no role
 			.setOrderBy("AD_Client_ID, Name")
 			.list();
 			
@@ -122,7 +113,7 @@ public class RoleAccessUpdate extends SvrProcess
 	 */
 	private void updateRole (MRole role)
 	{
-		StringBuilder msglog = new StringBuilder(role.getName()).append(": ") 
+		StringBuilder msglog = new StringBuilder(MClient.get(role.getAD_Client_ID()).getName()).append(" - ").append(role.getName()).append(": ") 
 				.append(role.updateAccessRecords(p_IsReset));
 		addLog(0, null, null, msglog.toString());
 	}	//	updateRole