diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index bc1447ba03..975d8bd90c 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -19,7 +19,7 @@ from awx.main.utils import get_object_or_400
 logger = logging.getLogger('awx.api.permissions')
 __all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission',
- 'TaskPermission']
+ 'TaskPermission', 'ProjectUpdatePermission']
 class ModelAccessPermission(permissions.BasePermission):
 '''
@@ -190,3 +190,18 @@ class TaskPermission(ModelAccessPermission):
 return bool(not obj or obj.pk == unified_job.pk)
 else:
 return False
+
+class ProjectUpdatePermission(ModelAccessPermission):
+ '''
+ Permission check used by ProjectUpdateView to determine who can update projects
+ '''
+
+ def has_permission(self, request, view, obj=None):
+ if request.user.is_superuser:
+ return True
+
+ project = get_object_or_400(view.model, pk=view.kwargs['pk'])
+ if project and request.user in project.update_role:
+ return True
+
+ return False
diff --git a/awx/api/views.py b/awx/api/views.py
index 3eae2f56a8..717e10edfc 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1029,6 +1029,7 @@ class ProjectUpdateView(RetrieveAPIView):
 model = Project
 serializer_class = ProjectUpdateViewSerializer
+ permission_classes = (ProjectUpdatePermission,)
 new_in_13 = True
 def post(self, request, *args, **kwargs):
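Review bot: `has_permission` in ProjectUpdatePermission replaces the parent implementation outright, so whatever authentication or per-method checks ModelAccessPermission performs (its body is not visible in this hunk) no longer run for views that use this class. The new body reads `request.user.is_superuser` and tests membership in `project.update_role` without first confirming the request is authenticated; I would open the method with `if not request.user or not request.user.is_authenticated: return False` (spelled as a call on older Django releases). The project lookup also happens before any access decision, so, assuming `get_object_or_400` raises for a missing pk, a caller with no rights can tell existing project ids from missing ones by the status code. The same assumption makes the `project and` test redundant.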
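Review bot: Setting `permission_classes` on ProjectUpdateView replaces whatever the view inherited, and the new class makes a single decision for every HTTP method, so the GET that RetrieveAPIView serves now requires `update_role` exactly as `post` does. If read access to the project is still meant to be enough for GET, the permission class needs to branch on `request.method`; if not, a comment above the attribute such as `# update_role is required for GET as well as POST` would record the intent. The body of `post` continues outside the hunk, so whether it repeats its own access check cannot be judged from here.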