diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index 35e5ad186e..e02dab3e60 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -195,22 +195,10 @@ class ProjectUpdatePermission(ModelAccessPermission):
 '''
 Permission check used by ProjectUpdateView to determine who can update projects
 '''
- def check_get_permission(self, request, view, obj=None):
- if request.user.is_superuser:
- return True
-
+ def check_get_permissions(self, request, view, obj=None):
 project = get_object_or_400(view.model, pk=view.kwargs['pk'])
- if project and request.user in project.read_role:
- return True
-
- return False
-
- def check_post_permission(self, request, view, obj=None):
- if request.user.is_superuser:
- return True
+ return check_user_access(request.user, view.model, 'read', project)
 
+ def check_post_permissions(self, request, view, obj=None):
 project = get_object_or_400(view.model, pk=view.kwargs['pk'])
- if project and request.user in project.update_role:
- return True
-
- return False
+ return check_user_access(request.user, view.model, 'start', project)
diff --git a/awx/main/access.py b/awx/main/access.py
index 3ccf38ab85..30ad1d4bcc 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -709,8 +709,9 @@ class ProjectAccess(BaseAccess):
 def can_delete(self, obj):
 return self.can_change(obj, None)
 
+ @check_superuser
 def can_start(self, obj):
- return self.can_change(obj, {}) and obj.can_update
+ return obj and self.user in obj.update_role
 
 class ProjectUpdateAccess(BaseAccess):
 '''
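Review bot: Both rewritten checks in `ProjectUpdatePermission` now delegate entirely to `check_user_access`, so the superuser shortcut and role-membership tests removed here hold only if `ProjectAccess` enforces them for `'read'` and `'start'`. The commit shows `can_start` in awx/main/access.py, but the read path is not in this diff and should be confirmed. The rename from `check_get_permission` to `check_get_permissions` suggests the old singular methods may never have been dispatched (the base-class dispatcher is not visible here), so a regression test asserting 403 for a user outside `read_role` on GET and outside `update_role` on POST would pin the intended behaviour. `get_object_or_400` still runs before the access decision, so an unauthorised caller gets a different response for existing and missing project ids. A docstring such as `"""Allow POST only for users permitted to start an update of this project."""` on each method would record the intent.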
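Review bot: The new `can_start` drops the `obj.can_update` condition, so the access check alone no longer rejects a project that cannot be updated. Unless the view or model enforces that separately (not visible in this diff), consider `return bool(obj) and self.user in obj.update_role and obj.can_update`. As written, `obj and ...` also returns `obj` itself rather than `False` when it is falsy, which `bool(obj)` avoids. Replacing `can_change(obj, {})` with `update_role` membership changes who may start an update, which deserves a docstring, e.g. `"""Superusers and members of update_role may start a project update."""`. The body of `ProjectAccess` starts outside the hunk.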