diff --git a/config/constants/local.js b/config/constants/local.js
index 3048bf97..5e197768 100644
--- a/config/constants/local.js
+++ b/config/constants/local.js
@@ -48,7 +48,6 @@ module.exports = {
   // Copilots and other apps remain on dev
   COPILOTS_URL: 'https://copilots.topcoder-dev.com',
 
-  // Projects API v6: keep dev default (switch to LOCAL_PROJECTS_API when needed)
   PROJECT_API_URL: `${DEV_API_HOSTNAME}/v6/projects`,
 
   // Local groups/resources/review services
diff --git a/src/components/ChallengesComponent/ChallengeList/index.js b/src/components/ChallengesComponent/ChallengeList/index.js
index 8de51f21..5866bcf4 100644
--- a/src/components/ChallengesComponent/ChallengeList/index.js
+++ b/src/components/ChallengesComponent/ChallengeList/index.js
@@ -25,7 +25,7 @@ import Loader from '../../Loader'
 import UpdateBillingAccount from '../../UpdateBillingAccount'
 
 import { CHALLENGE_STATUS, PAGE_SIZE, PAGINATION_PER_PAGE_OPTIONS, PROJECT_ROLES } from '../../../config/constants'
-import { checkAdmin, checkManager, checkReadOnlyRoles } from '../../../util/tc'
+import { checkAdmin, checkCanManageProjectBillingAccount, checkReadOnlyRoles } from '../../../util/tc'
 
 require('bootstrap/scss/bootstrap.scss')
 
@@ -405,10 +405,10 @@ class ChallengeList extends Component {
       fetchNextProjects
     } = this.props
     const isReadOnly = checkReadOnlyRoles(this.props.auth.token) || loginUserRoleInProject === PROJECT_ROLES.READ
-    const isAdmin = checkAdmin(this.props.auth.token)
-    const isManager = checkManager(this.props.auth.token)
-    const loginUserId = this.props.auth.user.userId
-    const isMemberOfActiveProject = activeProject && activeProject.members && activeProject.members.some(member => member.userId === loginUserId)
+    const canManageBillingAccount = checkCanManageProjectBillingAccount(
+      this.props.auth.token,
+      activeProject
+    )
 
     if (warnMessage) {
       return <Message warnMessage={warnMessage} />
@@ -495,12 +495,10 @@ class ChallengeList extends Component {
                 billingStartDate={billingStartDate}
                 billingEndDate={billingEndDate}
                 isBillingAccountExpired={isBillingAccountExpired}
-                isAdmin={isAdmin}
+                canManageBillingAccount={canManageBillingAccount}
                 currentBillingAccount={currentBillingAccount}
                 updateProject={updateProject}
                 projectId={activeProject.id}
-                isMemberOfActiveProject={isMemberOfActiveProject}
-                isManager={isManager}
               />
             </div>
           ) : (
diff --git a/src/components/ChallengesComponent/index.js b/src/components/ChallengesComponent/index.js
index dd85ac1c..dc4e4ea9 100644
--- a/src/components/ChallengesComponent/index.js
+++ b/src/components/ChallengesComponent/index.js
@@ -2,7 +2,6 @@
  * Component to render Challenges page
  */
 import React, { useState, useEffect } from 'react'
-import _ from 'lodash'
 import PropTypes from 'prop-types'
 import { Helmet } from 'react-helmet'
 import { Link } from 'react-router-dom'
@@ -11,14 +10,7 @@ import { PROJECT_ROLES, PROJECT_STATUS, COPILOTS_URL, CHALLENGE_STATUS } from '.
 import { PrimaryButton, OutlineButton } from '../Buttons'
 import ChallengeList from './ChallengeList'
 import styles from './ChallengesComponent.module.scss'
-import {
-  checkAdmin,
-  checkReadOnlyRoles,
-  checkAdminOrCopilotOrManager,
-  checkCanViewProjectAssets,
-  checkManager,
-  getProjectMemberByUserId
-} from '../../util/tc'
+import { checkAdmin, checkCanManageProject, checkCanViewProjectAssets, checkReadOnlyRoles, checkManager, getProjectMemberRole } from '../../util/tc'
 
 const ChallengesComponent = ({
   challenges,
@@ -58,8 +50,8 @@ const ChallengesComponent = ({
 }) => {
   const [loginUserRoleInProject, setLoginUserRoleInProject] = useState('')
   const isReadOnly = checkReadOnlyRoles(auth.token) || loginUserRoleInProject === PROJECT_ROLES.READ
+  const canManageProject = checkCanManageProject(auth.token, activeProject)
   const canViewAssets = checkCanViewProjectAssets(auth.token, activeProject)
-  const canEditProject = checkAdminOrCopilotOrManager(auth.token, activeProject)
 
   const projectStatus = activeProject && activeProject.status
     ? activeProject.status.toUpperCase()
@@ -69,9 +61,9 @@ const ChallengesComponent = ({
 
   useEffect(() => {
     const loggedInUser = auth.user
-    const loginUserProjectInfo = getProjectMemberByUserId(activeProject, _.get(loggedInUser, 'userId'))
-    if (loginUserProjectInfo && loginUserRoleInProject !== loginUserProjectInfo.role) {
-      setLoginUserRoleInProject(loginUserProjectInfo.role)
+    const loginUserProjectRole = getProjectMemberRole(activeProject, loggedInUser.userId)
+    if (loginUserProjectRole && loginUserRoleInProject !== loginUserProjectRole) {
+      setLoginUserRoleInProject(loginUserProjectRole)
     }
   }, [activeProject, auth, loginUserRoleInProject])
 
@@ -84,7 +76,7 @@ const ChallengesComponent = ({
             {activeProject ? activeProject.name : ''}
             {activeProject && activeProject.status && <ProjectStatus className={styles.status} status={activeProject.status} />}
           </div>
-          {activeProject && activeProject.id && canEditProject && (
+          {activeProject && activeProject.id && canManageProject && (
             <span>
               (
               <Link
diff --git a/src/components/ChallengesComponent/index.test.js b/src/components/ChallengesComponent/index.test.js
index e3bc6ec1..dc434feb 100644
--- a/src/components/ChallengesComponent/index.test.js
+++ b/src/components/ChallengesComponent/index.test.js
@@ -32,12 +32,13 @@ jest.mock('react-helmet', () => ({
 jest.mock('../../util/tc', () => ({
   checkAdmin: jest.fn(),
   checkReadOnlyRoles: jest.fn(),
-  checkAdminOrCopilotOrManager: jest.fn(),
+  checkCanManageProject: jest.fn(),
   checkCanViewProjectAssets: jest.fn(),
   checkManager: jest.fn(),
-  getProjectMemberByUserId: jest.fn((project, userId) => {
+  getProjectMemberRole: jest.fn((project, userId) => {
     const members = (project && project.members) || []
-    return members.find(member => `${member.userId}` === `${userId}`) || null
+    const member = members.find(candidate => `${candidate.userId}` === `${userId}`) || null
+    return member ? member.role : null
   })
 }))
 
@@ -111,7 +112,7 @@ describe('ChallengesComponent', () => {
 
     tcUtils.checkAdmin.mockReturnValue(false)
     tcUtils.checkReadOnlyRoles.mockReturnValue(false)
-    tcUtils.checkAdminOrCopilotOrManager.mockReturnValue(false)
+    tcUtils.checkCanManageProject.mockReturnValue(false)
     tcUtils.checkCanViewProjectAssets.mockReturnValue(true)
     tcUtils.checkManager.mockReturnValue(false)
   })
diff --git a/src/components/UpdateBillingAccount/index.js b/src/components/UpdateBillingAccount/index.js
index 71cca494..86a7115e 100644
--- a/src/components/UpdateBillingAccount/index.js
+++ b/src/components/UpdateBillingAccount/index.js
@@ -14,12 +14,10 @@ const UpdateBillingAccount = ({
   billingStartDate,
   billingEndDate,
   isBillingAccountExpired,
-  isAdmin,
+  canManageBillingAccount,
   currentBillingAccount,
   projectId,
-  updateProject,
-  isMemberOfActiveProject,
-  isManager
+  updateProject
 }) => {
   const [isEditing, setIsEditing] = useState(false)
   const [selectedBillingAccount, setSelectedBillingAccount] = useState(null)
@@ -131,7 +129,7 @@ const UpdateBillingAccount = ({
         !currentBillingAccount && (
         <Fragment>
           <span className={styles.error}>No Billing Account set</span>
-          {(isAdmin || (isManager && isMemberOfActiveProject)) && (
+          {canManageBillingAccount && (
             <span>
               {' '}
               ({' '}
@@ -155,7 +153,7 @@ const UpdateBillingAccount = ({
           >
             {isBillingAccountExpired ? 'INACTIVE' : 'ACTIVE'}
           </span>{' '}
-          {(isAdmin || (isManager && isMemberOfActiveProject)) && (
+          {canManageBillingAccount && (
             <span>
               {' '}
               ({' '}
@@ -187,11 +185,9 @@ UpdateBillingAccount.propTypes = {
   billingEndDate: PropTypes.string,
   currentBillingAccount: PropTypes.number,
   isBillingAccountExpired: PropTypes.bool,
-  isAdmin: PropTypes.bool,
+  canManageBillingAccount: PropTypes.bool,
   projectId: PropTypes.number,
-  updateProject: PropTypes.func.isRequired,
-  isMemberOfActiveProject: PropTypes.bool.isRequired,
-  isManager: PropTypes.bool.isRequired
+  updateProject: PropTypes.func.isRequired
 }
 
 export default UpdateBillingAccount
diff --git a/src/components/UpdateBillingAccount/index.test.js b/src/components/UpdateBillingAccount/index.test.js
new file mode 100644
index 00000000..02b9145d
--- /dev/null
+++ b/src/components/UpdateBillingAccount/index.test.js
@@ -0,0 +1,90 @@
+/* global describe, it, expect, beforeEach, afterEach, jest */
+
+import React from 'react'
+import ReactDOM from 'react-dom'
+import { act } from 'react-dom/test-utils'
+import UpdateBillingAccount from './index'
+
+jest.mock('../Select', () => () => null)
+jest.mock('../Buttons', () => {
+  const React = require('react')
+
+  const renderButton = (text) => React.createElement(
+    'button',
+    { type: 'button' },
+    text
+  )
+
+  return {
+    PrimaryButton: ({ text }) => renderButton(text),
+    OutlineButton: ({ text }) => renderButton(text)
+  }
+})
+
+describe('UpdateBillingAccount', () => {
+  let container
+
+  const defaultProps = {
+    billingAccounts: [],
+    isBillingAccountsLoading: false,
+    isBillingAccountLoading: false,
+    isBillingAccountLoadingFailed: false,
+    billingStartDate: 'Jan 01, 2026',
+    billingEndDate: 'Dec 31, 2026',
+    isBillingAccountExpired: false,
+    canManageBillingAccount: false,
+    currentBillingAccount: null,
+    projectId: 1001,
+    updateProject: () => {}
+  }
+
+  const renderComponent = (props = {}) => {
+    act(() => {
+      ReactDOM.render(
+        <UpdateBillingAccount {...defaultProps} {...props} />,
+        container
+      )
+    })
+  }
+
+  beforeEach(() => {
+    container = document.createElement('div')
+    document.body.appendChild(container)
+  })
+
+  afterEach(() => {
+    ReactDOM.unmountComponentAtNode(container)
+    container.remove()
+    container = null
+  })
+
+  it('shows the select action when the user can manage billing accounts and none is assigned', () => {
+    renderComponent({
+      canManageBillingAccount: true,
+      isBillingAccountLoadingFailed: true
+    })
+
+    expect(container.textContent).toContain('No Billing Account set')
+    expect(container.textContent).toContain('Select Billing Account')
+  })
+
+  it('shows the edit action when the user can manage an assigned billing account', () => {
+    renderComponent({
+      canManageBillingAccount: true,
+      currentBillingAccount: 12345
+    })
+
+    expect(container.textContent).toContain('Billing Account:')
+    expect(container.textContent).toContain('Edit Billing Account')
+  })
+
+  it('hides management actions when the user cannot manage billing accounts', () => {
+    renderComponent({
+      currentBillingAccount: 12345
+    })
+
+    expect(container.textContent).toContain('Billing Account:')
+    expect(container.textContent).not.toContain('Edit Billing Account')
+    expect(container.textContent).not.toContain('Select Billing Account')
+  })
+})
diff --git a/src/components/UserCard/index.js b/src/components/UserCard/index.js
index 03970d87..2c1102bb 100644
--- a/src/components/UserCard/index.js
+++ b/src/components/UserCard/index.js
@@ -8,6 +8,7 @@ import { PROJECT_ROLES } from '../../config/constants'
 import PrimaryButton from '../Buttons/PrimaryButton'
 import AlertModal from '../Modal/AlertModal'
 import { updateProjectMemberRole } from '../../services/projects'
+import { checkCanSelfAssignProjectRole } from '../../util/tc'
 
 const theme = {
   container: styles.modalContainer
@@ -23,11 +24,23 @@ function normalizeDisplayValue (value) {
   return normalizedValue || null
 }
 
+function normalizeUserId (userId) {
+  if (_.isNil(userId)) {
+    return null
+  }
+
+  const normalizedUserId = String(userId).trim()
+
+  return normalizedUserId || null
+}
+
 /**
  * Renders one project member or invite card with role controls.
  *
  * `user.handle` may be null/empty for some members; this component falls back
  * to `user.userId` and then `"(unknown user)"` when rendering labels/messages.
+ * Members may lower their own role, but this control blocks self-promotion to
+ * higher project privileges.
  */
 class UserCard extends Component {
   constructor (props) {
@@ -54,12 +67,21 @@ class UserCard extends Component {
   async updatePermission (newRole) {
     if (this.state.isUpdatingPermission) { return }
 
+    const { user, updateProjectMember, currentUserId } = this.props
+    const isCurrentUser = normalizeUserId(user.userId) === normalizeUserId(currentUserId)
+
+    if (isCurrentUser && !checkCanSelfAssignProjectRole(user.role, newRole)) {
+      this.setState({
+        showWarningModal: true,
+        permissionUpdateError: 'You cannot give yourself higher privileges in this project.'
+      })
+      return
+    }
+
     this.setState({
       isUpdatingPermission: true
     })
 
-    const { user, updateProjectMember } = this.props
-
     try {
       const newUserInfoRole = await updateProjectMemberRole(user.projectId, user.id, newRole)
       updateProjectMember(newUserInfoRole)
@@ -75,8 +97,13 @@ class UserCard extends Component {
   }
 
   render () {
-    const { isInvite, user, onRemoveClick, isEditable } = this.props
+    const { isInvite, user, onRemoveClick, isEditable, currentUserId } = this.props
     const showRadioButtons = _.includes(_.values(PROJECT_ROLES), user.role)
+    const isCurrentUser = normalizeUserId(user.userId) === normalizeUserId(currentUserId)
+    const canAssignRole = role => (
+      isEditable &&
+      (!isCurrentUser || checkCanSelfAssignProjectRole(user.role, role))
+    )
     const userDisplayName = normalizeDisplayValue(user.handle) ||
       normalizeDisplayValue(user.userId) ||
       '(unknown user)'
@@ -125,9 +152,10 @@ class UserCard extends Component {
                     type='radio'
                     id={`read-${user.id}`}
                     checked={user.role === PROJECT_ROLES.READ}
+                    disabled={!canAssignRole(PROJECT_ROLES.READ)}
                     onChange={(e) => e.target.checked && this.updatePermission(PROJECT_ROLES.READ)}
                   />
-                  <label className={cn({ [styles.isDisabled]: !isEditable })} htmlFor={`read-${user.id}`}>
+                  <label className={cn({ [styles.isDisabled]: !canAssignRole(PROJECT_ROLES.READ) })} htmlFor={`read-${user.id}`}>
                     <div>
                       Read
                     </div>
@@ -142,9 +170,10 @@ class UserCard extends Component {
                     type='radio'
                     id={`write-${user.id}`}
                     checked={user.role === PROJECT_ROLES.WRITE}
+                    disabled={!canAssignRole(PROJECT_ROLES.WRITE)}
                     onChange={(e) => e.target.checked && this.updatePermission(PROJECT_ROLES.WRITE)}
                   />
-                  <label className={cn({ [styles.isDisabled]: !isEditable })} htmlFor={`write-${user.id}`}>
+                  <label className={cn({ [styles.isDisabled]: !canAssignRole(PROJECT_ROLES.WRITE) })} htmlFor={`write-${user.id}`}>
                     <div>
                       Write
                     </div>
@@ -159,9 +188,10 @@ class UserCard extends Component {
                     type='radio'
                     id={`full-access-${user.id}`}
                     checked={user.role === PROJECT_ROLES.MANAGER}
+                    disabled={!canAssignRole(PROJECT_ROLES.MANAGER)}
                     onChange={(e) => e.target.checked && this.updatePermission(PROJECT_ROLES.MANAGER)}
                   />
-                  <label className={cn({ [styles.isDisabled]: !isEditable })} htmlFor={`full-access-${user.id}`}>
+                  <label className={cn({ [styles.isDisabled]: !canAssignRole(PROJECT_ROLES.MANAGER) })} htmlFor={`full-access-${user.id}`}>
                     <div>
                       Full Access
                     </div>
@@ -176,9 +206,10 @@ class UserCard extends Component {
                     type='radio'
                     id={`copilot-${user.id}`}
                     checked={user.role === PROJECT_ROLES.COPILOT}
+                    disabled={!canAssignRole(PROJECT_ROLES.COPILOT)}
                     onChange={(e) => e.target.checked && this.updatePermission(PROJECT_ROLES.COPILOT)}
                   />
-                  <label className={cn({ [styles.isDisabled]: !isEditable })} htmlFor={`copilot-${user.id}`}>
+                  <label className={cn({ [styles.isDisabled]: !canAssignRole(PROJECT_ROLES.COPILOT) })} htmlFor={`copilot-${user.id}`}>
                     <div>
                       Copilot
                     </div>
@@ -213,6 +244,7 @@ class UserCard extends Component {
 UserCard.propTypes = {
   isInvite: PropTypes.bool,
   user: PropTypes.object,
+  currentUserId: PropTypes.oneOfType([PropTypes.string, PropTypes.number]),
   updateProjectMember: PropTypes.func.isRequired,
   onRemoveClick: PropTypes.func.isRequired,
   isEditable: PropTypes.bool
diff --git a/src/components/UserCard/index.test.js b/src/components/UserCard/index.test.js
new file mode 100644
index 00000000..65822402
--- /dev/null
+++ b/src/components/UserCard/index.test.js
@@ -0,0 +1,118 @@
+/* eslint-disable react/prop-types */
+/* global describe, it, expect, beforeEach, afterEach, jest */
+
+import React from 'react'
+import ReactDOM from 'react-dom'
+import { act } from 'react-dom/test-utils'
+import UserCard from './index'
+import { PROJECT_ROLES } from '../../config/constants'
+import { updateProjectMemberRole } from '../../services/projects'
+
+jest.mock('tc-auth-lib', () => ({
+  decodeToken: jest.fn()
+}))
+
+jest.mock('../Buttons/PrimaryButton', () => {
+  const React = require('react')
+
+  return function MockPrimaryButton ({ text, onClick }) {
+    return React.createElement('button', { onClick }, text)
+  }
+})
+
+jest.mock('../Modal/AlertModal', () => {
+  const React = require('react')
+
+  return function MockAlertModal ({ title, message }) {
+    return React.createElement(
+      'div',
+      null,
+      [title, message].filter(Boolean).join(' ')
+    )
+  }
+})
+
+jest.mock('../../services/projects', () => ({
+  updateProjectMemberRole: jest.fn()
+}))
+
+describe('UserCard', () => {
+  let container
+
+  const baseUser = {
+    id: 'member-1',
+    projectId: 123,
+    userId: '1001',
+    handle: 'pm-user',
+    role: PROJECT_ROLES.WRITE
+  }
+
+  const renderComponent = (props = {}) => {
+    let component
+
+    act(() => {
+      component = ReactDOM.render(
+        <UserCard
+          user={baseUser}
+          currentUserId='1001'
+          updateProjectMember={jest.fn()}
+          onRemoveClick={jest.fn()}
+          isEditable
+          {...props}
+        />,
+        container
+      )
+    })
+
+    return component
+  }
+
+  beforeEach(() => {
+    container = document.createElement('div')
+    document.body.appendChild(container)
+    updateProjectMemberRole.mockReset()
+  })
+
+  afterEach(() => {
+    ReactDOM.unmountComponentAtNode(container)
+    container.remove()
+    container = null
+  })
+
+  it('disables higher-privilege options for the current user and blocks the update call', async () => {
+    const component = renderComponent()
+
+    expect(container.querySelector('#full-access-member-1').disabled).toBe(true)
+    expect(container.querySelector('#copilot-member-1').disabled).toBe(true)
+
+    await act(async () => {
+      await component.updatePermission(PROJECT_ROLES.MANAGER)
+    })
+
+    expect(updateProjectMemberRole).not.toHaveBeenCalled()
+    expect(container.textContent).toContain('You cannot give yourself higher privileges in this project.')
+  })
+
+  it('still allows changing another member to a higher-privilege role', async () => {
+    const updateProjectMember = jest.fn()
+    const component = renderComponent({
+      currentUserId: '2002',
+      updateProjectMember
+    })
+
+    updateProjectMemberRole.mockResolvedValue({
+      ...baseUser,
+      role: PROJECT_ROLES.MANAGER
+    })
+
+    await act(async () => {
+      await component.updatePermission(PROJECT_ROLES.MANAGER)
+    })
+
+    expect(updateProjectMemberRole).toHaveBeenCalledWith(123, 'member-1', PROJECT_ROLES.MANAGER)
+    expect(updateProjectMember).toHaveBeenCalledWith({
+      ...baseUser,
+      role: PROJECT_ROLES.MANAGER
+    })
+  })
+})
diff --git a/src/components/Users/index.js b/src/components/Users/index.js
index 38fbf07b..973e3b7f 100644
--- a/src/components/Users/index.js
+++ b/src/components/Users/index.js
@@ -195,6 +195,7 @@ class Users extends Component {
       }
     })
     const loggedInHandle = this.getHandle()
+    const currentUserId = _.get(this.props, 'auth.user.userId', null)
     const membersExist = (projectMembers && projectMembers.length > 0) || (invitedMembers && invitedMembers.length > 0)
     const isCopilotOrManager = this.checkIsCopilotOrManager(projectMembers, loggedInHandle)
     const isAdmin = checkAdmin(this.props.auth.token)
@@ -311,6 +312,7 @@ class Users extends Component {
                       <li className={styles.userItem} key={`user-card-${member.id}`}>
                         <UserCard
                           user={member}
+                          currentUserId={currentUserId}
                           onRemoveClick={this.onRemoveClick}
                           updateProjectMember={updateProjectMember}
                           isEditable={isEditable} />
diff --git a/src/containers/Challenges/helper.js b/src/containers/Challenges/helper.js
new file mode 100644
index 00000000..79f2efd8
--- /dev/null
+++ b/src/containers/Challenges/helper.js
@@ -0,0 +1,26 @@
+/**
+ * Returns project details only when they match the current project context.
+ *
+ * This prevents stale project data from rendering on another project page while
+ * still handling APIs that may return ids as strings.
+ *
+ * @param {Object} projectDetail Loaded project details from redux.
+ * @param {string|number} projectId Project id from the current route.
+ * @param {number} activeProjectId Active project id stored in the sidebar state.
+ * @returns {Object} The matching project detail object, or an empty object.
+ */
+export function getActiveProject (projectDetail, projectId, activeProjectId) {
+  if (!projectDetail) {
+    return {}
+  }
+
+  const scopedProjectId = projectId != null
+    ? `${projectId}`
+    : (activeProjectId != null && activeProjectId !== -1 ? `${activeProjectId}` : '')
+
+  if (!scopedProjectId || `${projectDetail.id}` !== scopedProjectId) {
+    return {}
+  }
+
+  return projectDetail
+}
diff --git a/src/containers/Challenges/helper.test.js b/src/containers/Challenges/helper.test.js
new file mode 100644
index 00000000..12e36dc3
--- /dev/null
+++ b/src/containers/Challenges/helper.test.js
@@ -0,0 +1,23 @@
+/* global describe, it, expect */
+
+import { getActiveProject } from './helper'
+
+describe('getActiveProject', () => {
+  it('returns the project detail when the route project id matches a string project id', () => {
+    const projectDetail = {
+      id: '100566',
+      name: 'Project Phoenix'
+    }
+
+    expect(getActiveProject(projectDetail, 100566, 100566)).toEqual(projectDetail)
+  })
+
+  it('returns an empty object when the loaded project does not match the current project context', () => {
+    const projectDetail = {
+      id: '100566',
+      name: 'Project Phoenix'
+    }
+
+    expect(getActiveProject(projectDetail, 100567, 100567)).toEqual({})
+  })
+})
diff --git a/src/containers/Challenges/index.js b/src/containers/Challenges/index.js
index 871f078b..e413cd79 100644
--- a/src/containers/Challenges/index.js
+++ b/src/containers/Challenges/index.js
@@ -22,6 +22,7 @@ import {
 } from '../../actions/sidebar'
 import { checkAdmin, checkIsUserInvitedToProject } from '../../util/tc'
 import { withRouter } from 'react-router-dom'
+import { getActiveProject } from './helper'
 
 class Challenges extends Component {
   constructor (props) {
@@ -134,6 +135,7 @@ class Challenges extends Component {
       setActiveProject,
       partiallyUpdateChallengeDetails,
       deleteChallenge,
+      projectId,
       isBillingAccountExpired,
       billingStartDate,
       billingEndDate,
@@ -150,16 +152,17 @@ class Challenges extends Component {
       fetchNextProjects
     } = this.props
     const { challengeTypes = [] } = metadata
-    const isActiveProjectLoaded =
-      reduxProjectInfo && `${reduxProjectInfo.id}` === `${activeProjectId}`
+    const activeProject = getActiveProject(
+      reduxProjectInfo,
+      projectId,
+      activeProjectId
+    )
 
     return (
       <Fragment>
         {(dashboard || activeProjectId !== -1 || selfService) && (
           <ChallengesComponent
-            activeProject={{
-              ...(isActiveProjectLoaded ? reduxProjectInfo : {})
-            }}
+            activeProject={activeProject}
             fetchNextProjects={fetchNextProjects}
             warnMessage={warnMessage}
             setActiveProject={setActiveProject}
diff --git a/src/containers/ProjectEditor/index.js b/src/containers/ProjectEditor/index.js
index e4cf8694..ce4b174b 100644
--- a/src/containers/ProjectEditor/index.js
+++ b/src/containers/ProjectEditor/index.js
@@ -16,7 +16,7 @@ import {
   clearProjectDetail
 } from '../../actions/projects'
 import { setActiveProject } from '../../actions/sidebar'
-import { checkAdminOrCopilotOrManager, checkAdmin, checkIsUserInvitedToProject, checkManager } from '../../util/tc'
+import { checkAdmin, checkCanCreateProject, checkCanManageProject, checkIsUserInvitedToProject, checkManager, getProjectMemberRole } from '../../util/tc'
 import { PROJECT_ROLES } from '../../config/constants'
 import Loader from '../../components/Loader'
 
@@ -45,12 +45,11 @@ class ProjectEditor extends Component {
       history.push(`/projects/${projectDetail.id}/invitation`)
     }
 
-    // For create flow there is no project context yet, so only evaluate global JWT roles.
-    const canManageProject = isEdit
-      ? checkAdminOrCopilotOrManager(auth.token, projectDetail)
-      : checkAdminOrCopilotOrManager(auth.token)
+    if (isEdit && !checkCanManageProject(auth.token, projectDetail)) {
+      history.push('/projects')
+    }
 
-    if (!canManageProject) {
+    if (!isEdit && !checkCanCreateProject(auth.token)) {
       history.push('/projects')
     }
   }
@@ -69,13 +68,7 @@ class ProjectEditor extends Component {
   }
 
   getMemberRole (members, userId) {
-    if (!userId) { return null }
-
-    const found = _.find(members, (m) => {
-      return m.userId === userId
-    })
-
-    return _.get(found, 'role')
+    return getProjectMemberRole({ members }, userId)
   }
 
   checkIsCopilotOrManager (projectMembers, userId) {
diff --git a/src/containers/Projects/index.js b/src/containers/Projects/index.js
index 97fcc577..44968f5d 100644
--- a/src/containers/Projects/index.js
+++ b/src/containers/Projects/index.js
@@ -5,7 +5,7 @@ import { withRouter, Link } from 'react-router-dom'
 import { connect } from 'react-redux'
 import PropTypes from 'prop-types'
 import Loader from '../../components/Loader'
-import { checkAdminOrCopilotOrManager, checkManager } from '../../util/tc'
+import { checkCanCreateProject, checkManager } from '../../util/tc'
 import { PrimaryButton } from '../../components/Buttons'
 import Select from '../../components/Select'
 import ProjectCard from '../../components/ProjectCard'
@@ -49,7 +49,7 @@ const Projects = ({ projects, auth, isLoading, projectsCount, loadProjects, load
     <div className={styles.container}>
       <div className={styles.headerLine}>
         <h2>Projects</h2>
-        {checkAdminOrCopilotOrManager(auth.token) && (
+        {checkCanCreateProject(auth.token) && (
           <Link className={styles.buttonNewProject} to={`/projects/new`}>
             <PrimaryButton text={'New Project'} type={'info'} />
           </Link>
diff --git a/src/util/tc.js b/src/util/tc.js
index c813d1d7..6c84aa94 100644
--- a/src/util/tc.js
+++ b/src/util/tc.js
@@ -21,6 +21,64 @@ import { decodeToken } from 'tc-auth-lib'
 import { fetchResources, fetchResourceRoles } from '../services/challenges'
 import store from '../config/store'
 
+const TALENT_MANAGER_ROLES = [
+  'talent manager',
+  'topcoder talent manager'
+]
+
+const PROJECT_ROLE_PRIVILEGE_LEVELS = {
+  [PROJECT_ROLES.READ]: 0,
+  [PROJECT_ROLES.WRITE]: 1,
+  [PROJECT_ROLES.MANAGER]: 2,
+  [PROJECT_ROLES.COPILOT]: 3
+}
+
+const normalizeUserId = (userId) => {
+  if (_.isNil(userId)) {
+    return null
+  }
+
+  const normalizedUserId = `${userId}`.trim()
+  return normalizedUserId.length > 0 ? normalizedUserId : null
+}
+
+const normalizeEmail = (email) => {
+  if (_.isNil(email)) {
+    return null
+  }
+
+  const normalizedEmail = `${email}`.trim().toLowerCase()
+  return normalizedEmail.length > 0 ? normalizedEmail : null
+}
+
+const getProjectMember = (project, userId) => {
+  const normalizedUserId = normalizeUserId(userId)
+
+  if (
+    !project ||
+    _.isEmpty(project) ||
+    !normalizedUserId ||
+    !Array.isArray(project.members)
+  ) {
+    return null
+  }
+
+  return _.find(
+    project.members,
+    member => normalizeUserId(member.userId) === normalizedUserId
+  ) || null
+}
+
+const canManageProject = (project, userId) => {
+  if (!project || _.isEmpty(project)) {
+    return true
+  }
+
+  return ALLOWED_EDIT_RESOURCE_ROLES.includes(
+    _.get(getProjectMember(project, userId), 'role')
+  )
+}
+
 export const RATING_COLORS = [
   {
     color: '#9D9FA0' /* Grey */,
@@ -213,8 +271,7 @@ export const checkManager = (token) => {
 export const checkTalentManager = (token) => {
   const tokenData = decodeToken(token)
   const roles = _.get(tokenData, 'roles')
-  const talentManagerRoles = ['talent manager', 'topcoder talent manager']
-  return roles.some(val => talentManagerRoles.indexOf(val.toLowerCase()) > -1)
+  return roles.some(val => TALENT_MANAGER_ROLES.indexOf(val.toLowerCase()) > -1)
 }
 
 export const checkAdminOrTalentManager = (token) => {
@@ -227,13 +284,114 @@ export const checkTaskManager = (token) => {
   return roles.some(val => TASK_MANAGER_ROLES.indexOf(val.toLowerCase()) > -1)
 }
 
-const normalizeUserId = (userId) => {
-  if (_.isNil(userId)) {
+/**
+ * Checks whether the caller can manage project ownership flows in Work Manager.
+ *
+ * Admins always qualify. Project Managers, Copilots, and Talent Managers
+ * additionally need a management-capable project membership when a project
+ * context is provided.
+ *
+ * @param  token
+ * @param  project
+ * @returns {boolean} Whether the caller can manage the project in the UI.
+ */
+export const checkCanManageProject = (token, project) => {
+  const tokenData = decodeToken(token)
+  const roles = _.get(tokenData, 'roles')
+  const isAdmin = roles.some(val => ADMIN_ROLES.indexOf(val.toLowerCase()) > -1)
+  const isCopilot = roles.some(val => COPILOT_ROLES.indexOf(val.toLowerCase()) > -1)
+  const isManager = roles.some(val => MANAGER_ROLES.indexOf(val.toLowerCase()) > -1)
+  const isTalentManager = roles.some(val => TALENT_MANAGER_ROLES.indexOf(val.toLowerCase()) > -1)
+  const hasProjectManagementAccess = canManageProject(project, tokenData.userId)
+
+  return isAdmin || ((isCopilot || isManager || isTalentManager) && hasProjectManagementAccess)
+}
+
+/**
+ * Checks whether the caller may create a project in Work Manager.
+ *
+ * Project creation remains broader than edit permissions. Project Managers
+ * should still be able to create projects even though billing-account edits
+ * are limited to admins and Full Access members.
+ *
+ * @param  token
+ * @returns {boolean} Whether the caller can create a project.
+ */
+export const checkCanCreateProject = (token) => {
+  return checkAdmin(token) || checkManager(token) || checkCopilot(token)
+}
+
+/**
+ * Checks whether the caller may edit a project's billing account.
+ *
+ * This is intentionally stricter than general project-management checks:
+ * only admins or project members with Full Access (`manager`) qualify.
+ *
+ * @param  token
+ * @param  project
+ * @returns {boolean} Whether the caller can edit the project's billing account.
+ */
+export const checkCanManageProjectBillingAccount = (token, project) => {
+  const tokenData = decodeToken(token)
+  const roles = _.get(tokenData, 'roles', [])
+  const isAdmin = roles.some(val => ADMIN_ROLES.indexOf(val.toLowerCase()) > -1)
+
+  if (isAdmin) {
+    return true
+  }
+
+  return _.get(getProjectMember(project, tokenData.userId), 'role') === PROJECT_ROLES.MANAGER
+}
+
+export const checkProjectMembership = (project, userId) => {
+  return !!getProjectMember(project, userId)
+}
+
+export const getProjectMemberRole = (project, userId) => {
+  return _.get(getProjectMember(project, userId), 'role', null)
+}
+
+/**
+ * Returns the privilege level for a project role used by Work Manager.
+ *
+ * Higher numbers represent broader project permissions. Unknown roles return
+ * `null` so callers can fail closed when comparing permissions.
+ *
+ * @param {string} role Project role identifier from the API/UI.
+ * @returns {number|null} Numeric privilege level or `null` for unknown roles.
+ */
+export const getProjectRolePrivilegeLevel = (role) => {
+  if (_.isNil(role)) {
     return null
   }
 
-  const normalizedUserId = `${userId}`.trim()
-  return normalizedUserId.length ? normalizedUserId : null
+  const normalizedRole = `${role}`.trim().toLowerCase()
+
+  return Object.prototype.hasOwnProperty.call(PROJECT_ROLE_PRIVILEGE_LEVELS, normalizedRole)
+    ? PROJECT_ROLE_PRIVILEGE_LEVELS[normalizedRole]
+    : null
+}
+
+/**
+ * Checks whether a member may assign themselves `nextRole` without increasing
+ * their project privileges.
+ *
+ * This keeps self-service role edits limited to the same role or a downgrade,
+ * while blocking self-promotion to broader project access.
+ *
+ * @param {string} currentRole Current project role for the member.
+ * @param {string} nextRole Requested replacement project role.
+ * @returns {boolean} `true` when the new role is the same privilege or lower.
+ */
+export const checkCanSelfAssignProjectRole = (currentRole, nextRole) => {
+  const currentRolePrivilegeLevel = getProjectRolePrivilegeLevel(currentRole)
+  const nextRolePrivilegeLevel = getProjectRolePrivilegeLevel(nextRole)
+
+  if (_.isNil(currentRolePrivilegeLevel) || _.isNil(nextRolePrivilegeLevel)) {
+    return false
+  }
+
+  return nextRolePrivilegeLevel <= currentRolePrivilegeLevel
 }
 
 /**
@@ -269,8 +427,11 @@ export const checkAdminOrPmOrTaskManager = (token, project) => {
   const isManager = roles.some(val => MANAGER_ROLES.indexOf(val.toLowerCase()) > -1)
   const isTaskManager = roles.some(val => TASK_MANAGER_ROLES.indexOf(val.toLowerCase()) > -1)
 
-  const isProjectManager =
-    _.get(getProjectMemberByUserId(project, userId), 'role') === PROJECT_ROLES.MANAGER
+  const isProjectManager = project && !_.isEmpty(project) &&
+    project.members && project.members.some(member =>
+    normalizeUserId(member.userId) === normalizeUserId(userId) &&
+      member.role === PROJECT_ROLES.MANAGER
+  )
 
   return isAdmin || isManager || isTaskManager || isProjectManager
 }
@@ -282,12 +443,8 @@ export const checkCopilot = (token, project) => {
   const tokenData = decodeToken(token)
   const roles = _.get(tokenData, 'roles')
   const isCopilot = roles.some(val => COPILOT_ROLES.indexOf(val.toLowerCase()) > -1)
-  const canManageProject = !project || _.isEmpty(project) ||
-    ALLOWED_EDIT_RESOURCE_ROLES.includes(
-      _.get(getProjectMemberByUserId(project, tokenData.userId), 'role')
-    )
 
-  return isCopilot && canManageProject
+  return isCopilot && canManageProject(project, tokenData.userId)
 }
 
 /**
@@ -299,12 +456,8 @@ export const checkAdminOrCopilot = (token, project) => {
   const roles = _.get(tokenData, 'roles')
   const isAdmin = roles.some(val => ADMIN_ROLES.indexOf(val.toLowerCase()) > -1)
   const isCopilot = roles.some(val => COPILOT_ROLES.indexOf(val.toLowerCase()) > -1)
-  const canManageProject = !project || _.isEmpty(project) ||
-    ALLOWED_EDIT_RESOURCE_ROLES.includes(
-      _.get(getProjectMemberByUserId(project, tokenData.userId), 'role')
-    )
 
-  return isAdmin || (isCopilot && canManageProject)
+  return isAdmin || (isCopilot && canManageProject(project, tokenData.userId))
 }
 
 /**
@@ -360,10 +513,16 @@ export const checkIsUserInvitedToProject = (token, project) => {
   }
 
   const tokenData = decodeToken(token)
-  return project && !_.isEmpty(project) && (_.find(project.invites, d => (
-    d.status === PROJECT_MEMBER_INVITE_STATUS_PENDING &&
-    (d.userId === tokenData.userId || d.email === tokenData.email)
-  )))
+  return project && !_.isEmpty(project) && (_.find(
+    project.invites,
+    d => (
+      d.status === PROJECT_MEMBER_INVITE_STATUS_PENDING &&
+      (
+        normalizeUserId(d.userId) === normalizeUserId(tokenData.userId) ||
+        normalizeEmail(d.email) === normalizeEmail(tokenData.email)
+      )
+    )
+  ))
 }
 
 export const getRoleNameForReviewer = (reviewer, challengePhases = []) => {
diff --git a/src/util/tc.test.js b/src/util/tc.test.js
new file mode 100644
index 00000000..ed12f352
--- /dev/null
+++ b/src/util/tc.test.js
@@ -0,0 +1,257 @@
+/* global describe, it, expect, beforeEach, jest */
+
+import { decodeToken } from 'tc-auth-lib'
+import { PROJECT_MEMBER_INVITE_STATUS_PENDING, PROJECT_ROLES } from '../config/constants'
+import {
+  checkCanCreateProject,
+  checkCanManageProject,
+  checkCanManageProjectBillingAccount,
+  checkManager,
+  checkIsUserInvitedToProject,
+  getProjectMemberByUserId
+} from './tc'
+
+jest.mock('tc-auth-lib', () => ({
+  decodeToken: jest.fn()
+}))
+
+jest.mock('../services/challenges', () => ({
+  fetchResources: jest.fn(),
+  fetchResourceRoles: jest.fn()
+}))
+
+jest.mock('../config/store', () => ({
+  getState: jest.fn()
+}))
+
+describe('checkCanManageProjectBillingAccount', () => {
+  beforeEach(() => {
+    decodeToken.mockReset()
+  })
+
+  it('allows administrators to manage project billing accounts', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['administrator']
+    })
+
+    expect(
+      checkCanManageProjectBillingAccount('token', {
+        members: []
+      })
+    ).toBe(true)
+  })
+
+  it('allows full-access project members to manage project billing accounts', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['project manager']
+    })
+
+    expect(
+      checkCanManageProjectBillingAccount('token', {
+        members: [{
+          userId: '1001',
+          role: PROJECT_ROLES.MANAGER
+        }]
+      })
+    ).toBe(true)
+  })
+
+  it('blocks project-manager roles without full-access project membership', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['project manager']
+    })
+
+    expect(
+      checkCanManageProjectBillingAccount('token', {
+        members: [{
+          userId: '1001',
+          role: PROJECT_ROLES.WRITE
+        }]
+      })
+    ).toBe(false)
+  })
+
+  it('blocks talent-manager roles without full-access project membership', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['talent manager']
+    })
+
+    expect(
+      checkCanManageProjectBillingAccount('token', {
+        members: [{
+          userId: '1001',
+          role: PROJECT_ROLES.WRITE
+        }]
+      })
+    ).toBe(false)
+  })
+})
+
+describe('checkCanManageProject', () => {
+  beforeEach(() => {
+    decodeToken.mockReset()
+  })
+
+  it('allows project-manager roles to manage projects when they have full access', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['project manager']
+    })
+
+    expect(
+      checkCanManageProject('token', {
+        members: [{
+          userId: '1001',
+          role: PROJECT_ROLES.MANAGER
+        }]
+      })
+    ).toBe(true)
+  })
+
+  it('blocks project-manager roles from managing projects without full access', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['project manager']
+    })
+
+    expect(
+      checkCanManageProject('token', {
+        members: [{
+          userId: '1001',
+          role: PROJECT_ROLES.WRITE
+        }]
+      })
+    ).toBe(false)
+  })
+
+  it('allows talent-manager roles to manage projects when they have full access', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['talent manager']
+    })
+
+    expect(
+      checkCanManageProject('token', {
+        members: [{
+          userId: '1001',
+          role: PROJECT_ROLES.MANAGER
+        }]
+      })
+    ).toBe(true)
+  })
+})
+
+describe('checkManager', () => {
+  beforeEach(() => {
+    decodeToken.mockReset()
+  })
+
+  it('treats talent-manager tokens as manager-tier access', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['talent manager']
+    })
+
+    expect(checkManager('token')).toBe(true)
+  })
+
+  it('treats topcoder-talent-manager tokens as manager-tier access', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['topcoder talent manager']
+    })
+
+    expect(checkManager('token')).toBe(true)
+  })
+})
+
+describe('checkCanCreateProject', () => {
+  beforeEach(() => {
+    decodeToken.mockReset()
+  })
+
+  it('allows project-manager roles to create projects', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['project manager']
+    })
+
+    expect(checkCanCreateProject('token')).toBe(true)
+  })
+
+  it('allows copilots to create projects', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['copilot']
+    })
+
+    expect(checkCanCreateProject('token')).toBe(true)
+  })
+
+  it('blocks read-only users from creating projects', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      roles: ['topcoder user']
+    })
+
+    expect(checkCanCreateProject('token')).toBe(false)
+  })
+})
+
+describe('getProjectMemberByUserId', () => {
+  it('matches project members even when ids differ by string vs number types', () => {
+    expect(getProjectMemberByUserId({
+      members: [{
+        userId: '1001',
+        role: PROJECT_ROLES.WRITE
+      }]
+    }, 1001)).toEqual({
+      userId: '1001',
+      role: PROJECT_ROLES.WRITE
+    })
+  })
+})
+
+describe('checkIsUserInvitedToProject', () => {
+  beforeEach(() => {
+    decodeToken.mockReset()
+  })
+
+  it('returns the pending invite for the authenticated user', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      email: 'member@test.com'
+    })
+
+    expect(checkIsUserInvitedToProject('token', {
+      invites: [{
+        status: PROJECT_MEMBER_INVITE_STATUS_PENDING,
+        userId: '1001',
+        email: 'member@test.com'
+      }]
+    })).toEqual({
+      status: PROJECT_MEMBER_INVITE_STATUS_PENDING,
+      userId: '1001',
+      email: 'member@test.com'
+    })
+  })
+
+  it('ignores non-pending invites for the authenticated user', () => {
+    decodeToken.mockReturnValue({
+      userId: '1001',
+      email: 'member@test.com'
+    })
+
+    expect(checkIsUserInvitedToProject('token', {
+      invites: [{
+        status: 'declined',
+        userId: '1001',
+        email: 'member@test.com'
+      }]
+    })).toBeUndefined()
+  })
+})