diff --git a/app/controllers/access_permissions/experiments_controller.rb b/app/controllers/access_permissions/experiments_controller.rb
index b18b128c0..3b902c20b 100644
--- a/app/controllers/access_permissions/experiments_controller.rb
+++ b/app/controllers/access_permissions/experiments_controller.rb
@@ -2,8 +2,8 @@
 
 module AccessPermissions
   class ExperimentsController < ApplicationController
-    before_action :set_project
     before_action :set_experiment
+    before_action :set_project
     before_action :check_read_permissions, only: %i(show)
     before_action :check_manage_permissions, only: %i(edit update)
 
@@ -59,13 +59,11 @@ module AccessPermissions
     end
 
     def set_project
-      @project = current_team.projects.find_by(id: params[:project_id])
-
-      render_404 unless @project
+      @project = @experiment.project
     end
 
     def set_experiment
-      @experiment = @project.experiments.includes(user_assignments: %i(user user_role)).find_by(id: params[:id])
+      @experiment = Experiment.includes(user_assignments: %i(user user_role)).find_by(id: params[:id])
 
       render_404 unless @experiment
     end
diff --git a/app/controllers/access_permissions/my_modules_controller.rb b/app/controllers/access_permissions/my_modules_controller.rb
index 783533355..1bed4d660 100644
--- a/app/controllers/access_permissions/my_modules_controller.rb
+++ b/app/controllers/access_permissions/my_modules_controller.rb
@@ -2,9 +2,9 @@
 
 module AccessPermissions
   class MyModulesController < ApplicationController
-    before_action :set_project
-    before_action :set_experiment
     before_action :set_my_module
+    before_action :set_experiment
+    before_action :set_project
     before_action :check_read_permissions, only: %i(show)
     before_action :check_manage_permissions, only: %i(edit update)
 
@@ -53,19 +53,15 @@ module AccessPermissions
     end
 
     def set_project
-      @project = current_team.projects.find_by(id: params[:project_id])
-
-      render_404 unless @project
+      @project = @experiment.project
     end
 
     def set_experiment
-      @experiment = @project.experiments.find_by(id: params[:experiment_id])
-
-      render_404 unless @experiment
+      @experiment = @my_module.experiment
     end
 
     def set_my_module
-      @my_module = @experiment.my_modules.includes(user_assignments: %i(user user_role)).find_by(id: params[:id])
+      @my_module = MyModule.includes(user_assignments: %i(user user_role)).find_by(id: params[:id])
 
       render_404 unless @my_module
     end
diff --git a/app/controllers/access_permissions/projects_controller.rb b/app/controllers/access_permissions/projects_controller.rb
index 54a2da719..57ae09775 100644
--- a/app/controllers/access_permissions/projects_controller.rb
+++ b/app/controllers/access_permissions/projects_controller.rb
@@ -49,6 +49,7 @@ module AccessPermissions
 
     def create
       ActiveRecord::Base.transaction do
+        created_count = 0
         permitted_create_params[:resource_members].each do |_k, user_assignment_params|
           next unless user_assignment_params[:assign] == '1'
 
@@ -65,11 +66,12 @@ module AccessPermissions
           )
 
           log_activity(:assign_user_to_project, user_assignment)
+          created_count += 1
           propagate_job(user_assignment)
         end
 
         respond_to do |format|
-          @message = t('access_permissions.create.success', count: @project.user_assignments.count)
+          @message = t('access_permissions.create.success', count: created_count)
           format.json { render :edit }
         end
       rescue ActiveRecord::RecordInvalid
@@ -104,8 +106,13 @@ module AccessPermissions
     end
 
     def update_default_public_user_role
-      @project.update!(permitted_default_public_user_role_params)
-      UserAssignments::ProjectGroupAssignmentJob.perform_later(current_team, @project, current_user)
+      Project.transaction do
+        @project.visibility = :hidden if permitted_default_public_user_role_params[:default_public_user_role_id].blank?
+        @project.assign_attributes(permitted_default_public_user_role_params)
+        @project.save!
+
+        UserAssignments::ProjectGroupAssignmentJob.perform_later(current_team, @project, current_user)
+      end
     end
 
     private
diff --git a/app/controllers/access_permissions/protocols_controller.rb b/app/controllers/access_permissions/protocols_controller.rb
index 2c2684115..0a78bfdbb 100644
--- a/app/controllers/access_permissions/protocols_controller.rb
+++ b/app/controllers/access_permissions/protocols_controller.rb
@@ -47,19 +47,22 @@ module AccessPermissions
 
     def create
       ActiveRecord::Base.transaction do
+        created_count = 0
         permitted_create_params[:resource_members].each do |_k, user_assignment_params|
           next unless user_assignment_params[:assign] == '1'
 
           user_assignment = UserAssignment.new(user_assignment_params)
           user_assignment.assignable = @protocol
+          user_assignment.assigned = :manually
           user_assignment.team = current_team
           user_assignment.assigned_by = current_user
           user_assignment.save!
 
+          created_count += 1
           log_activity(:protocol_template_access_granted, user_assignment)
         end
         respond_to do |format|
-          @message = t('access_permissions.create.success', count: @protocol.user_assignments.count)
+          @message = t('access_permissions.create.success', count: created_count)
           format.json { render :edit }
         end
       rescue ActiveRecord::RecordInvalid
@@ -90,8 +93,22 @@ module AccessPermissions
       end
     end
 
+    def update_default_public_user_role
+      Protocol.transaction do
+        @protocol.visibility = :hidden if permitted_default_public_user_role_params[:default_public_user_role_id].blank?
+        @protocol.assign_attributes(permitted_default_public_user_role_params)
+        @protocol.save!
+
+        UserAssignments::ProjectGroupAssignmentJob.perform_later(current_team, @project, current_user)
+      end
+    end
+
     private
 
+    def permitted_default_public_user_role_params
+      params.require(:protocol).permit(:default_public_user_role_id)
+    end
+
     def permitted_update_params
       params.require(:user_assignment)
             .permit(%i(user_role_id user_id))
diff --git a/app/models/concerns/assignable.rb b/app/models/concerns/assignable.rb
index a85797ecc..54fc2c390 100644
--- a/app/models/concerns/assignable.rb
+++ b/app/models/concerns/assignable.rb
@@ -54,12 +54,16 @@ module Assignable
       end
     end
 
+    def top_level_assignable?
+      self.class.name.in?(Extends::TOP_LEVEL_ASSIGNABLES)
+    end
+
     private
 
     def create_users_assignments
       return if skip_user_assignments
 
-      role = if is_a?(Project) || is_a?(Team)
+      role = if top_level_assignable?
                UserRole.find_predefined_owner_role
              else
                permission_parent.user_assignments.find_by(user: created_by).user_role
@@ -68,7 +72,7 @@ module Assignable
       UserAssignment.create!(
         user: created_by,
         assignable: self,
-        assigned: is_a?(Project) ? :manually : :automatically,
+        assigned: top_level_assignable? ? :manually : :automatically,
         user_role: role
       )
 
diff --git a/app/models/protocol.rb b/app/models/protocol.rb
index ba347d7f8..7f2fbe3cc 100644
--- a/app/models/protocol.rb
+++ b/app/models/protocol.rb
@@ -16,10 +16,10 @@ class Protocol < ApplicationRecord
   include TinyMceImages
 
   before_validation :assign_version_number, on: :update, if: -> { protocol_type_changed? && in_repository_published? }
-  after_update :update_user_assignments, if: -> { saved_change_to_protocol_type? && in_repository? }
-  after_destroy :decrement_linked_children
-  after_save :update_linked_children
   after_create :auto_assign_protocol_members, if: :visible?
+  after_destroy :decrement_linked_children
+  after_save :update_user_assignments, if: -> { saved_change_to_visibility? && in_repository? }
+  after_save :update_linked_children
   skip_callback :create, :after, :create_users_assignments, if: -> { in_module? }
 
   enum visibility: { hidden: 0, visible: 1 }
@@ -40,7 +40,9 @@ class Protocol < ApplicationRecord
   validate :prevent_update,
            on: :update,
            if: lambda {
-             in_repository_published? && !protocol_type_changed?(from: 'in_repository_draft') && !archived_changed?
+             # skip check if only public role of visibility changed
+             (changes.keys | %w(default_public_user_role_id visibility)).length != 2 &&
+               in_repository_published? && !protocol_type_changed?(from: 'in_repository_draft') && !archived_changed?
            }
 
   with_options if: :in_module? do
diff --git a/app/services/experiments/table_view_service.rb b/app/services/experiments/table_view_service.rb
index 3dba492e1..c147e0cce 100644
--- a/app/services/experiments/table_view_service.rb
+++ b/app/services/experiments/table_view_service.rb
@@ -68,7 +68,6 @@ module Experiments
         end
 
         experiment = my_module.experiment
-        project = experiment.project
 
         result.push({ id: my_module.id,
                       columns: prepared_my_module,
@@ -81,7 +80,7 @@ module Experiments
                         provisioning_status:
                           my_module.provisioning_status == 'in_progress' &&
                             provisioning_status_my_module_url(my_module),
-                        access: access_url(project, experiment, my_module)
+                        access: access_url(my_module)
                       } })
       end
 
@@ -93,11 +92,11 @@ module Experiments
 
     private
 
-    def access_url(project, experiment, my_module)
+    def access_url(my_module)
       if can_manage_my_module_users?(@user, my_module)
-        edit_access_permissions_project_experiment_my_module_path(project, experiment, my_module)
+        edit_access_permissions_my_module_path(my_module)
       else
-        access_permissions_project_experiment_my_module_path(project, experiment, my_module)
+        access_permissions_my_module_path(my_module)
       end
     end
 
diff --git a/app/services/user_assignments/create_team_user_assignments_service.rb b/app/services/user_assignments/create_team_user_assignments_service.rb
index 97ce5503a..f4dfc60e9 100644
--- a/app/services/user_assignments/create_team_user_assignments_service.rb
+++ b/app/services/user_assignments/create_team_user_assignments_service.rb
@@ -56,7 +56,7 @@ module UserAssignments
     end
 
     def create_protocols_assignments
-      @team.repository_protocols.in_repository_public.find_each do |protocol|
+      @team.repository_protocols.visible.find_each do |protocol|
         create_or_update_user_assignment(protocol, @viewer_role)
       end
     end
diff --git a/app/views/access_permissions/experiments/edit.json.jbuilder b/app/views/access_permissions/experiments/edit.json.jbuilder
index ca2068eed..2bef57ca5 100644
--- a/app/views/access_permissions/experiments/edit.json.jbuilder
+++ b/app/views/access_permissions/experiments/edit.json.jbuilder
@@ -1,13 +1,12 @@
 # frozen_string_literal: true
 
 json.modal controller.render_to_string(
-  partial: 'access_permissions/experiments/modals/edit_modal',
+  partial: 'access_permissions/modals/edit_modal',
   formats: [:html],
   locals: {
-    experiment: @experiment,
-    project: @project,
-    users: @project.manually_assigned_users,
-    project_path: project_path(@project)
+    assignable: @experiment,
+    top_level_assignable: @project,
+    manually_assigned_users: @project.manually_assigned_users
   },
   layout: false
 )
diff --git a/app/views/access_permissions/experiments/experiment_member.json.jbuilder b/app/views/access_permissions/experiments/experiment_member.json.jbuilder
index 6656bd2ab..65f20cbb6 100644
--- a/app/views/access_permissions/experiments/experiment_member.json.jbuilder
+++ b/app/views/access_permissions/experiments/experiment_member.json.jbuilder
@@ -5,9 +5,9 @@ json.form controller.render_to_string(
   formats: [:html],
   locals: {
     user: @user_assignment.user,
-    object: @experiment,
+    assignable: @experiment,
     with_inherit: true,
-    update_path: access_permissions_project_experiment_path(@project, @experiment)
+    update_path: access_permissions_experiment_path(@experiment)
   },
   layout: false
 )
diff --git a/app/views/access_permissions/experiments/modals/_edit_modal.html.erb b/app/views/access_permissions/experiments/modals/_edit_modal.html.erb
deleted file mode 100644
index 07ea17bf9..000000000
--- a/app/views/access_permissions/experiments/modals/_edit_modal.html.erb
+++ /dev/null
@@ -1,28 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade user-assignments-modal experiment-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: experiment.name %></h4>
-      </div>
-      <div class="modal-body">
-        <p class="user-assignments-description">
-          <%= t '.description' %>
-        </p>
-        <hr />
-        <% users.order(full_name: :asc).each do |user| %>
-          <%= render partial: 'access_permissions/partials/member_field',
-                      locals: {
-                        user: user,
-                        with_inherit: true,
-                        object: experiment,
-                        update_path: access_permissions_project_experiment_path(project, experiment)
-                      } %>
-        <% end %>
-        <%= render('access_permissions/partials/default_public_user_role_form', project: project, editable: false) if project.visible? %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/experiments/show.json.jbuilder b/app/views/access_permissions/experiments/show.json.jbuilder
index 16db4eabd..d662c4eed 100644
--- a/app/views/access_permissions/experiments/show.json.jbuilder
+++ b/app/views/access_permissions/experiments/show.json.jbuilder
@@ -4,9 +4,9 @@ json.modal controller.render_to_string(
   partial: 'access_permissions/experiments/modals/show_modal',
   formats: [:html],
   locals: {
-    experiment: @experiment,
-    users: @project.manually_assigned_users,
-    project_path: project_path(@project)
+    assignable: @experiment,
+    top_level_assignable: @project,
+    manually_assigned_users: @project.manually_assigned_users
   },
   layout: false
 )
diff --git a/app/views/access_permissions/modals/_edit_modal.html.erb b/app/views/access_permissions/modals/_edit_modal.html.erb
new file mode 100644
index 000000000..242759a82
--- /dev/null
+++ b/app/views/access_permissions/modals/_edit_modal.html.erb
@@ -0,0 +1,32 @@
+<% # frozen_string_literal: true %>
+
+<div class="modal fade user-assignments-modal <%= assignable.class.name.parameterize(separator: '-') %>-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
+  <div class="modal-dialog modal-lg" role="document">
+    <div class="modal-content" id="user_assignments_modal">
+      <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+        <h4 class="modal-title"><%= t "access_permissions.#{assignable.class.name.pluralize.underscore}.modals.edit_modal.title", resource_name: assignable.name %></h4>
+      </div>
+      <div class="modal-body">
+        <% manually_assigned_users.order(full_name: :asc).each do |user| %>
+          <%= render('access_permissions/partials/member_field',
+                    user: user,
+                    assignable: assignable,
+                    update_path: public_send("access_permissions_#{assignable.class.name.underscore}_path", assignable),
+                    delete_path: public_send("access_permissions_#{assignable.class.name.underscore}_path", assignable, user_id: user.id)
+          ) %>
+        <% end %>
+        <%= render('access_permissions/partials/default_public_user_role_form', assignable: top_level_assignable, editable: assignable == top_level_assignable) if top_level_assignable.respond_to?(:visible?) && top_level_assignable.visible? %>
+      </div>
+
+      <% if assignable.top_level_assignable? %>
+        <div class="modal-footer">
+          <%= link_to new_assignment_path, class: 'btn btn-default pull-left', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
+            <i class="fas fa-plus"></i>
+            <%= t('access_permissions.grant_access') %>
+          <% end %>
+        </div>
+      <% end %>
+    </div>
+  </div>
+</div>
diff --git a/app/views/access_permissions/experiments/modals/_show_modal.html.erb b/app/views/access_permissions/modals/_show_modal.html.erb
similarity index 50%
rename from app/views/access_permissions/experiments/modals/_show_modal.html.erb
rename to app/views/access_permissions/modals/_show_modal.html.erb
index 1d1b93386..648e0cee9 100644
--- a/app/views/access_permissions/experiments/modals/_show_modal.html.erb
+++ b/app/views/access_permissions/modals/_show_modal.html.erb
@@ -1,19 +1,18 @@
 <% # frozen_string_literal: true %>
 
-<div class="modal fade experiment-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
+<div class="modal fade <%= assignable.class.name.parameterize(separator: '-') %>-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
   <div class="modal-dialog modal-lg" role="document">
     <div class="modal-content" id="user_assignments_modal">
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: experiment.name %></h4>
+        <h4 class="modal-title"><%= t "access_permissions.#{assignable.class.name.pluralize.underscore}.modals.show_modal.title", assignable_name: assignable.name %></h4>
       </div>
       <div class="modal-body">
-        <% users.order(full_name: :asc).each do |user| %>
-          <% user_assignment = experiment.user_assignments.find_by(user: user) %>
-          <% next if user_assignment.blank? %>
-          <%= render partial: 'access_permissions/partials/user_assignment', locals: { user_assignment: user_assignment, user: user, resource: experiment } %>
+        <% manually_assigned_users.order(full_name: :asc).each do |user| %>
+          <% user_assignment = assignable.user_assignments.find_by(user: user) %>
+          <%= render partial: 'access_permissions/partials/user_assignment', locals: { user_assignment: user_assignment, user: user, assignable: assignable } %>
         <% end %>
-        <%= render('access_permissions/partials/default_public_user_role_form', project: experiment.project, editable: false) if experiment.project.visible? %>
+        <%= render('access_permissions/partials/default_public_user_role_form', assignable: assignable, editable: false) if assignable.respond_to?(:visible?) && assignable.visible? %>
       </div>
     </div>
   </div>
diff --git a/app/views/access_permissions/my_modules/edit.json.jbuilder b/app/views/access_permissions/my_modules/edit.json.jbuilder
index ef3e039d3..7296100fd 100644
--- a/app/views/access_permissions/my_modules/edit.json.jbuilder
+++ b/app/views/access_permissions/my_modules/edit.json.jbuilder
@@ -1,13 +1,12 @@
 # frozen_string_literal: true
 
 json.modal controller.render_to_string(
-  partial: 'access_permissions/my_modules/modals/edit_modal',
+  partial: 'access_permissions/modals/edit_modal',
   formats: [:html],
   locals: {
-    my_module: @my_module,
-    experiment: @experiment,
-    project: @project,
-    users: @project.manually_assigned_users
+    assignable: @my_module,
+    top_level_assignable: @project,
+    manually_assigned_users: @project.manually_assigned_users
   },
   layout: false
 )
diff --git a/app/views/access_permissions/my_modules/modals/_edit_modal.html.erb b/app/views/access_permissions/my_modules/modals/_edit_modal.html.erb
deleted file mode 100644
index e9e2846ac..000000000
--- a/app/views/access_permissions/my_modules/modals/_edit_modal.html.erb
+++ /dev/null
@@ -1,28 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade user-assignments-modal my-module-assignments-modal" tabindex="-1" role="dialog">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: my_module.name %></h4>
-      </div>
-      <div class="modal-body">
-        <p class="user-assignments-description">
-          <%= t '.description' %>
-        </p>
-        <hr />
-        <% users.order(full_name: :asc).each do |user| %>
-          <%= render partial: 'access_permissions/partials/member_field',
-                      locals: {
-                        user: user,
-                        with_inherit: true,
-                        object: my_module,
-                        update_path: access_permissions_project_experiment_my_module_path(project, experiment, my_module)
-                      } %>
-        <% end %>
-        <%= render('access_permissions/partials/default_public_user_role_form', project: project, editable: false) if project.visible? %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/my_modules/modals/_show_modal.html.erb b/app/views/access_permissions/my_modules/modals/_show_modal.html.erb
deleted file mode 100644
index c9f23534d..000000000
--- a/app/views/access_permissions/my_modules/modals/_show_modal.html.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade my-module-assignments-modal" tabindex="-1" role="dialog">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: my_module.name %></h4>
-      </div>
-      <div class="modal-body">
-        <% users.order(full_name: :asc).each do |user| %>
-          <% user_assignment = my_module.user_assignments.find_by(user: user) %>
-          <% next if user_assignment.blank? %>
-          <%= render partial: 'access_permissions/partials/user_assignment', locals: { user_assignment: user_assignment, user: user, resource: my_module } %>
-        <% end %>
-        <%= render('access_permissions/partials/default_public_user_role_form',
-                   project: my_module.experiment.project, editable: false) if my_module.experiment.project.visible? %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/my_modules/my_module_member.json.jbuilder b/app/views/access_permissions/my_modules/my_module_member.json.jbuilder
index 267568949..a250dbeae 100644
--- a/app/views/access_permissions/my_modules/my_module_member.json.jbuilder
+++ b/app/views/access_permissions/my_modules/my_module_member.json.jbuilder
@@ -5,11 +5,9 @@ json.form controller.render_to_string(
   formats: [:html],
   locals: {
     user: @user_assignment.user,
+    update_path: access_permissions_my_module_path(@my_module)
     with_inherit: true,
-    object: @my_module,
-    update_path: access_permissions_project_experiment_my_module_path(@project,
-                                                                      @experiment,
-                                                                      @my_module)
+    assignable: @my_module
   },
   layout: false
 )
diff --git a/app/views/access_permissions/my_modules/show.json.jbuilder b/app/views/access_permissions/my_modules/show.json.jbuilder
index 75f1e1dee..d7bb02d85 100644
--- a/app/views/access_permissions/my_modules/show.json.jbuilder
+++ b/app/views/access_permissions/my_modules/show.json.jbuilder
@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
 json.modal controller.render_to_string(
-  partial: 'access_permissions/my_modules/modals/show_modal',
+  partial: 'access_permissions/modals/show_modal',
   formats: [:html],
   locals: {
-    my_module: @my_module,
-    experiment: @experiment,
-    users: @project.manually_assigned_users
+    assignable: @my_module,
+    top_level_assignable: @project,
+    manually_assigned_users: @project.manually_assigned_users
   },
   layout: false
 )
diff --git a/app/views/access_permissions/partials/_default_public_user_role_form.html.erb b/app/views/access_permissions/partials/_default_public_user_role_form.html.erb
index 4f85af09f..8f65da4d4 100644
--- a/app/views/access_permissions/partials/_default_public_user_role_form.html.erb
+++ b/app/views/access_permissions/partials/_default_public_user_role_form.html.erb
@@ -1,25 +1,27 @@
-<%= form_with(model: project, url: update_default_public_user_role_access_permissions_project_path(project), method: :put, remote: true, html: { class: 'row member-item', id: 'public_assignments', data: { action: 'replace-form autosave-form', object_type: :project } }) do |f| %>
-  <div class="user-assignment-info">
-    <div class="global-avatar-container">
-      <%= image_tag "icon/team.png", class: 'img-circle pull-left' %>
+<% if assignable.visible? %>
+  <%= form_with(model: assignable, url: [:update_default_public_user_role, :access_permissions, assignable], method: :put, remote: true, html: { class: 'row member-item', id: 'public_assignments', data: { action: 'replace-form autosave-form', object_type: assignable.class.name.underscore.to_sym } }) do |f| %>
+    <div class="user-assignment-info">
+      <div class="global-avatar-container">
+        <%= image_tag "icon/team.png", class: 'img-circle pull-left' %>
+      </div>
+      <div>
+        <%= t('access_permissions.everyone_else', team_name: assignable.team.name) %>
+        <%= render 'access_permissions/partials/public_members_dropdown', team: assignable.team, assignable: assignable %>
+        <br>
+        <small class="text-muted">
+          <%= assignable.default_public_user_role.name %>
+          <span class="permission-object-tag" title="<%= t("access_permissions.partials.#{assignable.class.name.underscore}_tooltip") %>"">
+            <%= t("access_permissions.partials.#{assignable.class.name.underscore}") %>
+          </span>
+        </small>
+      </div>
     </div>
-    <div>
-      <%= t('access_permissions.everyone_else', team_name: project.team.name) %>
-      <%= render 'access_permissions/partials/public_members_dropdown', team: project.team, assignable: project %>
-      <br>
-      <small class="text-muted">
-        <%= project.default_public_user_role.name %>
-        <span class="permission-object-tag" title="<%= t("access_permissions.partials.project_tooltip") %>"">
-          <%= t("access_permissions.partials.project") %>
-        </span>
-      </small>
+    <div class="user-assignment-controls">
+      <div class="user-assignment-role">
+        <% if editable %>
+          <%= f.select :default_public_user_role_id, options_for_select(user_roles_collection + [[t('access_permissions.remove_access'), nil]], selected: assignable.default_public_user_role_id), {}, class: 'form-control selectpicker', title: t("user_assignment.change_#{assignable.class.name.underscore}_role"), data: { 'selected-text-format' => 'static' } %>
+        <% end %>
+      </div>
     </div>
-  </div>
-  <div class="user-assignment-controls">
-    <div class="user-assignment-role">
-      <% if editable %>
-        <%= f.select :default_public_user_role_id, options_for_select(user_roles_collection, selected: project.default_public_user_role_id), {}, class: 'form-control selectpicker', title: t('user_assignment.change_project_role'), data: { 'selected-text-format' => 'static' } %>
-      <% end %>
-    </div>
-  </div>
+  <% end %>
 <% end %>
diff --git a/app/views/access_permissions/partials/_member_field.html.erb b/app/views/access_permissions/partials/_member_field.html.erb
index 030958da4..bc1cee7a8 100644
--- a/app/views/access_permissions/partials/_member_field.html.erb
+++ b/app/views/access_permissions/partials/_member_field.html.erb
@@ -1,11 +1,11 @@
 <% # frozen_string_literal: true %>
 
 <%
-  object_assignment = object.user_assignments.find_by(user_id: user.id, team: current_team)
+  assignment = assignable.user_assignments.find_by(user_id: user.id, team: current_team)
   item_id = dom_id(user, :assignment_member)
 %>
 
-<%= form_with(model: object_assignment, url: update_path, method: :put, remote: true, html: { class: 'member-item', id: item_id, data: { action: 'replace-form autosave-form', object_type: :assignment_member } }) do |f| %>
+<%= form_with(model: assignment, url: update_path, method: :put, remote: true, html: { class: 'member-item', id: item_id, data: { action: 'replace-form autosave-form', object_type: :assignment_member } }) do |f| %>
   <%= f.hidden_field :user_id, value: f.object.user.id %>
     <div class="user-assignment-info">
       <div class="global-avatar-container">
@@ -14,7 +14,7 @@
       <div>
         <%= current_assignee_name(user) %>
         <br>
-        <small class="text-muted"><%= user_assignment_resource_role_name(user, object) %></small>
+        <small class="text-muted"><%= user_assignment_resource_role_name(user, assignable) %></small>
       </div>
     </div>
     <div class="user-assignment-controls">
@@ -33,7 +33,7 @@
                 </a>
               </li>
             <% end %>
-            <% if defined?(delete_path) && !object_assignment.last_assignable_owner?  %>
+            <% if defined?(delete_path) && !assignment.last_assignable_owner?  %>
               <li role="separator" class="divider" data-hook="support-dropdown-separator"></li>
               <li>
                 <%= link_to delete_path, remote: true, method: :delete, data: { action: 'remote-destroy', target: "##{item_id}" } do %>
diff --git a/app/views/access_permissions/partials/_new_assignments_form.html.erb b/app/views/access_permissions/partials/_new_assignments_form.html.erb
index 71e9b4540..fc2bf4c56 100644
--- a/app/views/access_permissions/partials/_new_assignments_form.html.erb
+++ b/app/views/access_permissions/partials/_new_assignments_form.html.erb
@@ -4,13 +4,13 @@
   <div class="modal-header">
     <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
     <h4 class="modal-title">
-      <%= link_to resource_path, remote: true, class: 'pull-left spacer', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
+      <%= link_to assignable_path, remote: true, class: 'pull-left spacer', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
         <i class="fas fa-arrow-left"></i>
       <% end %>
-      <%= t '.title', resource_name: resource.name %>
+      <%= t '.title', resource_name: assignable.name %>
     </h4>
   </div>
-  <%= form_with(url: create_path, method: :post, remote: true, html: { id: 'new-user-assignment-form', data: { action: 'replace-form', target: '#user_assignments_modal', object_type: resource.class.to_s.downcase} }) do |f| %>
+  <%= form_with(url: create_path, method: :post, remote: true, html: { id: 'new-user-assignment-form', data: { action: 'replace-form', target: '#user_assignments_modal', object_type: assignable.class.to_s.downcase} }) do |f| %>
     <div class="modal-body">
       <div class="sci-input-container left-icon">
         <%= text_field_tag :search_users, '', placeholder: t('.find_people_html'), class: 'sci-input-field', data: { action: 'filter-list', target: 'new-user-assignment-to-project-form' } %>
diff --git a/app/views/access_permissions/partials/_user_assignment.html.erb b/app/views/access_permissions/partials/_user_assignment.html.erb
index ee68d5ede..d7eaacff6 100644
--- a/app/views/access_permissions/partials/_user_assignment.html.erb
+++ b/app/views/access_permissions/partials/_user_assignment.html.erb
@@ -10,6 +10,6 @@
     </div>
   </div>
   <div class="user-assignment-controls">
-    <%= resource.user_assignments.find_by(user: user, team: current_team).user_role.name %>
+    <%= assignable.user_assignments.find_by(user: user, team: current_team).user_role.name %>
   </div>
 </div>
diff --git a/app/views/access_permissions/projects/edit.json.jbuilder b/app/views/access_permissions/projects/edit.json.jbuilder
index 092fea671..68411cec1 100644
--- a/app/views/access_permissions/projects/edit.json.jbuilder
+++ b/app/views/access_permissions/projects/edit.json.jbuilder
@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 
 json.html controller.render_to_string(
-  partial: 'access_permissions/projects/modals/edit_modal',
+  partial: 'access_permissions/modals/edit_modal',
   formats: [:html],
   locals: {
-    project: @project,
-    update_path: access_permissions_project_path(@project),
-    new_resource_path: new_access_permissions_project_path(id: @project)
+    assignable: @project,
+    manually_assigned_users: @project.manually_assigned_users,
+    top_level_assignable: @project,
+    new_assignment_path: new_access_permissions_project_path(id: @project)
   },
   layout: false
 )
diff --git a/app/views/access_permissions/projects/modals/_edit_modal.html.erb b/app/views/access_permissions/projects/modals/_edit_modal.html.erb
deleted file mode 100644
index bcc3ffd2b..000000000
--- a/app/views/access_permissions/projects/modals/_edit_modal.html.erb
+++ /dev/null
@@ -1,30 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade user-assignments-modal project-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: project.name %></h4>
-      </div>
-      <div class="modal-body">
-        <% project.manually_assigned_users.order(full_name: :asc).each do |user| %>
-          <%= render('access_permissions/partials/member_field',
-                    user: user,
-                    object: project,
-                    update_path: update_path,
-                    delete_path: access_permissions_project_path(project, user_id: user.id)
-          ) %>
-        <% end %>
-        <%= render('access_permissions/partials/default_public_user_role_form', project: project, editable: true) if project.visible? %>
-      </div>
-
-      <div class="modal-footer">
-        <%= link_to new_resource_path, class: 'btn btn-default pull-left', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
-          <i class="fas fa-plus"></i>
-          <%= t('access_permissions.grant_access') %>
-        <% end %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/projects/modals/_show_modal.html.erb b/app/views/access_permissions/projects/modals/_show_modal.html.erb
deleted file mode 100644
index 2a9d935a7..000000000
--- a/app/views/access_permissions/projects/modals/_show_modal.html.erb
+++ /dev/null
@@ -1,19 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade project-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: project.name %></h4>
-      </div>
-      <div class="modal-body">
-        <% users.order(full_name: :asc).each do |user| %>
-          <% user_assignment = project.user_assignments.find_by(user: user) %>
-          <%= render partial: 'access_permissions/partials/user_assignment', locals: { user_assignment: user_assignment, user: user, resource: project } %>
-        <% end %>
-        <%= render('access_permissions/partials/default_public_user_role_form', project: project, editable: false) if project.visible? %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/projects/new.json.jbuilder b/app/views/access_permissions/projects/new.json.jbuilder
index 8a54b7352..b23ecd272 100644
--- a/app/views/access_permissions/projects/new.json.jbuilder
+++ b/app/views/access_permissions/projects/new.json.jbuilder
@@ -4,11 +4,11 @@ json.html controller.render_to_string(
   partial: 'access_permissions/partials/new_assignments_form',
   formats: [:html],
   locals: {
-    resource: @project,
+    assignable: @project,
     form_object: @user_assignment,
     users: @available_users,
     create_path: access_permissions_projects_path(id: @project.id),
-    resource_path: edit_access_permissions_project_path(@project)
+    assignable_path: edit_access_permissions_project_path(@project)
   },
   layout: false
 )
diff --git a/app/views/access_permissions/projects/project_member.json.jbuilder b/app/views/access_permissions/projects/project_member.json.jbuilder
index 1992579c6..b6ee40aa6 100644
--- a/app/views/access_permissions/projects/project_member.json.jbuilder
+++ b/app/views/access_permissions/projects/project_member.json.jbuilder
@@ -5,7 +5,7 @@ json.form controller.render_to_string(
   formats: [:html],
   locals: {
     user: @user_assignment.user,
-    object: @project,
+    assignable: @project,
     update_path: access_permissions_project_path(@project),
     delete_path: access_permissions_project_path(@project, user_id: @user_assignment.user.id)
   },
diff --git a/app/views/access_permissions/projects/show.json.jbuilder b/app/views/access_permissions/projects/show.json.jbuilder
index 0f0ee25ea..67961114c 100644
--- a/app/views/access_permissions/projects/show.json.jbuilder
+++ b/app/views/access_permissions/projects/show.json.jbuilder
@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 
 json.modal controller.render_to_string(
-  partial: 'access_permissions/projects/modals/show_modal',
+  partial: 'access_permissions/modals/show_modal',
   formats: [:html],
   locals: {
-    project: @project,
-    users: @project.manually_assigned_users,
-    can_manage_resource: can_manage_project_users?(@project)
+    assignable: @project,
+    manually_assigned_users: @project.manually_assigned_users,
+    top_level_assignable: @project,
+    users: @project.manually_assigned_users
   },
   layout: false
 )
diff --git a/app/views/access_permissions/projects/update_default_public_user_role.json.jbuilder b/app/views/access_permissions/projects/update_default_public_user_role.json.jbuilder
index 2b3f90b11..0cba94518 100644
--- a/app/views/access_permissions/projects/update_default_public_user_role.json.jbuilder
+++ b/app/views/access_permissions/projects/update_default_public_user_role.json.jbuilder
@@ -4,7 +4,7 @@ json.form controller.render_to_string(
   partial: 'access_permissions/partials/default_public_user_role_form',
   formats: [:html],
   locals: {
-    project: @project,
+    assignable: @project,
     editable: true
   },
   layout: false
diff --git a/app/views/access_permissions/protocols/edit.json.jbuilder b/app/views/access_permissions/protocols/edit.json.jbuilder
index 11fd6e2bc..aa065c0b2 100644
--- a/app/views/access_permissions/protocols/edit.json.jbuilder
+++ b/app/views/access_permissions/protocols/edit.json.jbuilder
@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
 json.html controller.render_to_string(
-  partial: 'access_permissions/protocols/modals/edit_modal',
+  partial: 'access_permissions/modals/edit_modal',
   formats: [:html],
   locals: {
-    protocol: @protocol,
+    assignable: @protocol,
+    top_level_assignable: @protocol,
+    manually_assigned_users: @protocol.manually_assigned_users,
     update_path: access_permissions_protocol_path(@protocol),
-    new_resource_path: new_access_permissions_protocol_path(id: @protocol)
+    new_assignment_path: new_access_permissions_protocol_path(id: @protocol)
   },
   layout: false
 )
diff --git a/app/views/access_permissions/protocols/modals/_edit_modal.html.erb b/app/views/access_permissions/protocols/modals/_edit_modal.html.erb
deleted file mode 100644
index 12347e6a5..000000000
--- a/app/views/access_permissions/protocols/modals/_edit_modal.html.erb
+++ /dev/null
@@ -1,29 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade user-assignments-modal protocol-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: protocol.name %></h4>
-      </div>
-      <div class="modal-body">
-        <% protocol.assigned_users.order(full_name: :asc).each do |user| %>
-          <%= render('access_permissions/partials/member_field',
-                     user: user,
-                     object: protocol,
-                     update_path: update_path,
-                     delete_path: access_permissions_protocol_path(protocol, user_id: user.id)
-                    ) %>
-        <% end %>
-      </div>
-
-      <div class="modal-footer">
-        <%= link_to new_resource_path, class: 'btn btn-default pull-left', data: { action: 'swap-remote-container', target: '#user_assignments_modal' } do %>
-          <i class="fas fa-plus"></i>
-          <%= t('access_permissions.grant_access') %>
-        <% end %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/protocols/modals/_show_modal.html.erb b/app/views/access_permissions/protocols/modals/_show_modal.html.erb
deleted file mode 100644
index 985466480..000000000
--- a/app/views/access_permissions/protocols/modals/_show_modal.html.erb
+++ /dev/null
@@ -1,18 +0,0 @@
-<% # frozen_string_literal: true %>
-
-<div class="modal fade protocol-assignments-modal" tabindex="-1" role="dialog" data-action="modal-close">
-  <div class="modal-dialog modal-lg" role="document">
-    <div class="modal-content" id="user_assignments_modal">
-      <div class="modal-header">
-        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-        <h4 class="modal-title"><%= t '.title', resource_name: protocol.name %></h4>
-      </div>
-      <div class="modal-body">
-        <% users.order(full_name: :asc).each do |user| %>
-          <% user_assignment = protocol.user_assignments.find_by(user: user) %>
-          <%= render partial: 'access_permissions/partials/user_assignment', locals: { user_assignment: user_assignment, user: user, resource: protocol } %>
-        <% end %>
-      </div>
-    </div>
-  </div>
-</div>
diff --git a/app/views/access_permissions/protocols/new.json.jbuilder b/app/views/access_permissions/protocols/new.json.jbuilder
index b0cd526f7..e105a5971 100644
--- a/app/views/access_permissions/protocols/new.json.jbuilder
+++ b/app/views/access_permissions/protocols/new.json.jbuilder
@@ -4,11 +4,11 @@ json.html controller.render_to_string(
   partial: 'access_permissions/partials/new_assignments_form',
   formats: [:html],
   locals: {
-    resource: @protocol,
+    assignable: @protocol,
     form_object: @user_assignment,
     users: current_team.users.where.not(id: @protocol.assigned_users.select(:id)),
     create_path: access_permissions_protocols_path(id: @protocol.id),
-    resource_path: edit_access_permissions_protocol_path(@protocol)
+    assignable_path: edit_access_permissions_protocol_path(@protocol)
   },
   layout: false
 )
diff --git a/app/views/access_permissions/protocols/protocol_member.json.jbuilder b/app/views/access_permissions/protocols/protocol_member.json.jbuilder
index 29b636bac..8d0e8916e 100644
--- a/app/views/access_permissions/protocols/protocol_member.json.jbuilder
+++ b/app/views/access_permissions/protocols/protocol_member.json.jbuilder
@@ -5,7 +5,7 @@ json.form controller.render_to_string(
   formats: [:html],
   locals: {
     user: @user_assignment.user,
-    object: @protocol,
+    assignable: @protocol,
     update_path: access_permissions_protocol_path(@protocol),
     delete_path: access_permissions_protocol_path(@protocol, user_id: @user_assignment.user_id)
   },
diff --git a/app/views/access_permissions/protocols/update_default_public_user_role.json.jbuilder b/app/views/access_permissions/protocols/update_default_public_user_role.json.jbuilder
new file mode 100644
index 000000000..d151934ff
--- /dev/null
+++ b/app/views/access_permissions/protocols/update_default_public_user_role.json.jbuilder
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+json.form controller.render_to_string(
+  partial: 'access_permissions/partials/default_public_user_role_form',
+  formats: [:html],
+  locals: {
+    assignable: @protocol,
+    editable: true
+  },
+  layout: false
+)
diff --git a/app/views/canvas/edit/_my_module_dropdown_menu.html.erb b/app/views/canvas/edit/_my_module_dropdown_menu.html.erb
index d873e6189..e2177b7a0 100644
--- a/app/views/canvas/edit/_my_module_dropdown_menu.html.erb
+++ b/app/views/canvas/edit/_my_module_dropdown_menu.html.erb
@@ -15,7 +15,7 @@
 <% end %>
 <li>
   <%= link_to t('experiments.canvas.edit.task_access'),
-              can_manage_my_module_users?(my_module) ? edit_access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module) : access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module),
+              can_manage_my_module_users?(my_module) ? edit_access_permissions_my_module_path(my_module) : access_permissions_my_module_path(my_module),
               data: { action: 'remote-modal'} %>
 </li>
 <% if can_archive_my_module?(my_module) %>
diff --git a/app/views/experiments/_dropdown_actions.html.erb b/app/views/experiments/_dropdown_actions.html.erb
index 8c73cee2f..da6a41df7 100644
--- a/app/views/experiments/_dropdown_actions.html.erb
+++ b/app/views/experiments/_dropdown_actions.html.erb
@@ -43,14 +43,14 @@
   <!-- Set or view user experiment assignments -->
   <% if can_manage_experiment_users?(experiment) %>
     <li>
-      <%= link_to edit_access_permissions_project_experiment_path(project, experiment), data: { action: 'remote-modal'} do %>
+      <%= link_to edit_access_permissions_experiment_path(experiment), data: { action: 'remote-modal'} do %>
         <i class="fas fa-door-open"></i>
         <span><%= t('experiments.index.experiment_access') %></span>
       <% end %>
     </li>
   <% else %>
     <li>
-      <%= link_to access_permissions_project_experiment_path(project, experiment), data: { action: 'remote-modal'} do %>
+      <%= link_to access_permissions_experiment_path(experiment), data: { action: 'remote-modal'} do %>
         <i class="fas fa-door-open"></i>
         <span><%= t('experiments.index.experiment_access') %></span>
       <% end %>
diff --git a/app/views/experiments/_table_row_actions.html.erb b/app/views/experiments/_table_row_actions.html.erb
index d33429c3d..10a2adf30 100644
--- a/app/views/experiments/_table_row_actions.html.erb
+++ b/app/views/experiments/_table_row_actions.html.erb
@@ -24,9 +24,9 @@
   </li>
 <% end %>
 <% if can_manage_my_module_users?(my_module) %>
-  <% task_access_path = edit_access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module) %>
+  <% task_access_path = edit_access_permissions_my_module_path(my_module) %>
 <% else %>
-  <% task_access_path = access_permissions_project_experiment_my_module_path(my_module.experiment.project, my_module.experiment, my_module) %>
+  <% task_access_path = access_permissions_my_module_path(my_module) %>
 <% end %>
 <li>
   <a class="open-access-modal" data-action="remote-modal" href="<%= task_access_path %>">
diff --git a/app/views/my_modules/_module_header_details_popover.html.erb b/app/views/my_modules/_module_header_details_popover.html.erb
index 20fa78bc7..05d063b93 100644
--- a/app/views/my_modules/_module_header_details_popover.html.erb
+++ b/app/views/my_modules/_module_header_details_popover.html.erb
@@ -51,8 +51,8 @@
     <div class="col-xs-12">
        <%= link_to t('my_modules.details.info_popover.view_task_access'),
                       can_manage_my_module_users?(@my_module) ?
-                        edit_access_permissions_project_experiment_my_module_path(@my_module.experiment.project, @my_module.experiment, @my_module) :
-                        access_permissions_project_experiment_my_module_path(@my_module.experiment.project, @my_module.experiment, @my_module),
+                        edit_access_permissions_my_module_path(@my_module) :
+                        access_permissions_my_module_path(@my_module),
                       data: { action: 'remote-modal'} %>
     </div>
   </div>
diff --git a/app/views/projects/show/_experiment_actions_dropdown.html.erb b/app/views/projects/show/_experiment_actions_dropdown.html.erb
index 7af8fea51..414e50e00 100644
--- a/app/views/projects/show/_experiment_actions_dropdown.html.erb
+++ b/app/views/projects/show/_experiment_actions_dropdown.html.erb
@@ -35,14 +35,14 @@
   <!-- Set or view user experiment assignments -->
   <% if can_manage_experiment_users?(experiment) %>
     <li class="form-dropdown-item">
-      <%= link_to edit_access_permissions_project_experiment_path(experiment.project, experiment), data: { action: 'remote-modal'} do %>
+      <%= link_to edit_access_permissions_experiment_path(experiment), data: { action: 'remote-modal'} do %>
         <i class="fas fa-door-open"></i>
         <span><%= t('experiments.index.experiment_access') %></span>
       <% end %>
     </li>
   <% else %>
     <li class="form-dropdown-item">
-      <%= link_to access_permissions_project_experiment_path(experiment.project, experiment), data: { action: 'remote-modal'} do %>
+      <%= link_to access_permissions_experiment_path(experiment), data: { action: 'remote-modal'} do %>
         <i class="fas fa-door-open"></i>
         <span><%= t('experiments.index.experiment_access') %></span>
       <% end %>
diff --git a/config/initializers/extends.rb b/config/initializers/extends.rb
index f1c7c8866..57a76f7de 100644
--- a/config/initializers/extends.rb
+++ b/config/initializers/extends.rb
@@ -458,6 +458,8 @@ class Extends
     label_repository: [*216..219]
   }
 
+  TOP_LEVEL_ASSIGNABLES = %w(Project Team Protocol Repository).freeze
+
   SHARED_INVENTORIES_PERMISSION_LEVELS = {
     not_shared: 0,
     shared_read: 1,
diff --git a/config/routes.rb b/config/routes.rb
index fca328c62..afa3ee4dc 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -280,14 +280,16 @@ Rails.application.routes.draw do
     end
 
     namespace :access_permissions do
-      resources :protocols, defaults: { format: 'json' }
       resources :projects, defaults: { format: 'json' } do
         put :update_default_public_user_role, on: :member
-        resources :experiments, only: %i(show update edit) do
-          resources :my_modules, only: %i(show update edit)
-        end
       end
-      resources :protocols, only: %i(show update edit)
+
+      resources :protocols, defaults: { format: 'json' } do
+        put :update_default_public_user_role, on: :member
+      end
+
+      resources :experiments, only: %i(show update edit)
+      resources :my_modules, only: %i(show update edit)
     end
 
     resources :projects, except: [:destroy] do
diff --git a/db/migrate/20230223142119_set_default_public_user_role_on_protocols.rb b/db/migrate/20230223142119_set_default_public_user_role_on_protocols.rb
new file mode 100644
index 000000000..038fc8cba
--- /dev/null
+++ b/db/migrate/20230223142119_set_default_public_user_role_on_protocols.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class SetDefaultPublicUserRoleOnProtocols < ActiveRecord::Migration[6.1]
+  def change
+    Protocol.visible.where(default_public_user_role_id: nil).update_all(
+      default_public_user_role_id: UserRole.find_predefined_viewer_role.id
+    )
+  end
+end