diff --git a/app/controllers/client_api/users/invitations_controller.rb b/app/controllers/client_api/users/invitations_controller.rb
index 44bf4c93a..f970c930e 100644
--- a/app/controllers/client_api/users/invitations_controller.rb
+++ b/app/controllers/client_api/users/invitations_controller.rb
@@ -33,7 +33,7 @@ module ClientApi
 def check_invite_users_permission
 @team = Team.find_by_id(params[:team_id])
- if @team && !can_create_user_team?(@team)
+ if @team && !can_manage_user_team?(@team)
 respond_422(t('client_api.invite_users.permission_error'))
 end
 end
diff --git a/app/controllers/client_api/users/user_teams_controller.rb b/app/controllers/client_api/users/user_teams_controller.rb
index 64e23076d..5ed92551d 100644
--- a/app/controllers/client_api/users/user_teams_controller.rb
+++ b/app/controllers/client_api/users/user_teams_controller.rb
@@ -3,7 +3,9 @@ module ClientApi
 class UserTeamsController < ApplicationController
 include ClientApi::Users::UserTeamsHelper
- before_action :check_manage_user_team_permission
+ before_action :check_leave_team_permission, only: :leave_team
+ before_action :check_manage_user_team_permission, only: %i(update_role remove_user)
 def leave_team
 ut_service = ClientApi::UserTeamService.new(
@@ -46,9 +48,16 @@ module ClientApi
 private
+ def check_leave_team_permission
+ user_team = UserTeam.find_by_id(params[:user_team])
+ unless current_user == user_team.user || can_read_team?(user_team.team)
+ respond_422(t('client_api.permission_error'))
+ end
+ end
+
 def check_manage_user_team_permission
- @user_team = UserTeam.find_by_id(params[:user_team])
- unless can_update_or_delete_user_team?(@user_team)
+ user_team = UserTeam.find_by_id(params[:user_team])
+ unless can_manage_user_team?(user_team.team)
 respond_422(t('client_api.user_teams.permission_error'))
 end
 end
diff --git a/app/permissions/team.rb b/app/permissions/team.rb
index 5543bee97..ae7055c84 100644
--- a/app/permissions/team.rb
+++ b/app/permissions/team.rb
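Review bot: On the new `if @team && !can_manage_user_team?(@team)` line, a `team_id` that does not resolve leaves `@team` nil, so the filter returns without calling `respond_422` and the action runs with no permission decision at all. If the invite action does not itself reject a missing team, a `return respond_422(t('client_api.invite_users.permission_error')) unless @team` placed before the check would make the filter fail closed. The invite action this filter guards is outside the hunk, so whether it re-checks the team cannot be seen here.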
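Review bot: Scoping the two filters with `only:` turns the permission check from default-on into an allowlist: any action of UserTeamsController other than `leave_team`, `update_role` and `remove_user` now runs with no user-team permission check, whereas the removed `before_action` line covered every action. If the controller defines no other actions this is harmless today, but a future action would be unguarded without anyone noticing; an `except:` list, or a comment such as `# every action must appear in exactly one of the two permission filters` next to these lines, keeps that constraint visible. The remainder of the controller is outside the hunk.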
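Review bot: In `check_leave_team_permission`, `UserTeam.find_by_id` returns nil for an unknown `params[:user_team]`, so `user_team.user` on the next line raises NoMethodError and the client gets a 500 instead of the 422 the filter is meant to produce; the same applies to `user_team.team` in the rewritten `check_manage_user_team_permission`. Both filters would fail closed with `return respond_422(t('client_api.permission_error')) unless user_team` placed directly after the lookup. Separately, the `|| can_read_team?(user_team.team)` branch admits any user with read access to the team, not only team admins, to `leave_team` for a membership record they do not own; if the service removes the `user_team` it is handed rather than `current_user`'s own membership (the action body is outside the hunk), an ordinary member could remove another member, whereas the deleted `update_or_delete_user_team` rule limited this to the user themselves or a team admin. Note also that `@user_team` has become a local `user_team`, so any action that previously read `@user_team` after the filter would now see nil.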
@@ -1,5 +1,5 @@
 Canaid::Permissions.register_for(Team) do
- # view projects, view protocols
+ # view projects, view protocols, leave team
 # view samples, export samples
 # view repositories, view repository, export repository rows
 can :read_team do |user, team|
@@ -11,8 +11,8 @@ Canaid::Permissions.register_for(Team) do
 user.is_admin_of_team?(team)
 end
- # invite user to team
- can :create_user_team do |user, team|
+ # invite user to team, change user's role, remove user from team
+ can :manage_user_team do |user, team|
 user.is_admin_of_team?(team)
 end
@@ -52,13 +52,6 @@ Canaid::Permissions.register_for(Team) do
 end
 end
-Canaid::Permissions.register_for(UserTeam) do
- # change user's role, remove user from team, leave team
- can :update_or_delete_user_team do |user, user_team|
- user == user_team.user || user.is_admin_of_team?(user_team.team)
- end
-end
-
 Canaid::Permissions.register_for(Protocol) do
 # view protocol in repository, export protocol from repository
 # view step in protocol in repository, view or dowload step asset
diff --git a/app/services/client_api/user_team_service.rb b/app/services/client_api/user_team_service.rb
index 6cd5685a7..5409ac4ee 100644
--- a/app/services/client_api/user_team_service.rb
+++ b/app/services/client_api/user_team_service.rb
@@ -24,7 +24,6 @@ module ClientApi
 end
 def update_role!
- raise ClientApi::CustomUserTeamError if user_cant_leave?
 unless @role
 raise ClientApi::CustomUserTeamError, I18n.t('client_api.generic_error_message')