diff --git a/src/cls/WebTerminal/Installer.cls b/src/cls/WebTerminal/Installer.cls
index 7cfe287..4b54744 100644
--- a/src/cls/WebTerminal/Installer.cls
+++ b/src/cls/WebTerminal/Installer.cls
@@ -102,6 +102,9 @@ ClassMethod CreateProjection(cls As %String, ByRef params) As %Status
         1: requiredRole _ extractedRoles,
         : requiredRole
     )
+    // Ensure that WebTerminal role is always included in the MatchRoles for the socket application
+    set cspProperties("MatchRoles") = cspProperties("MatchRoles") _ ":WebTerminal"
+
     write !, "Assigning role " _ requiredRole _ " to a web application; resulting roles: " _ cspProperties("MatchRoles")
 
     set st = ..RegisterWebApplication("/terminalsocket", .cspProperties)
@@ -123,11 +126,11 @@ ClassMethod CreateProjection(cls As %String, ByRef params) As %Status
         set st = ##class(Security.Resources).Create(..#ResourceName,
             "Grants access to WebTerminal if set up.", "")
     }
-
+    // Adding %WebTerminal and %Admin_Secure to role WebTerminal
     if (##class(Security.Roles).Exists(..#RoleName) = 0) {
         set st = ##class(Security.Roles).Create(..#RoleName,
             "WebTerminal user role which may grant access to WebTerminal application if set up.",
-            "%WebTerminal:RWU")
+            "%WebTerminal:RWU,%Admin_Secure:U")
     }
     
     return st