diff --git a/coldfront/config/core.py b/coldfront/config/core.py
index 34dc95f06..4d94def95 100644
--- a/coldfront/config/core.py
+++ b/coldfront/config/core.py
@@ -35,6 +35,11 @@
 PENDING_ACTIVE_ALLOCATION_STATUSES = PENDING_ALLOCATION_STATUSES + ACTIVE_ALLOCATION_STATUSES
 INACTIVE_ALLOCATION_STATUSES = ['Denied', 'Expired', 'Inactive', 'Pending Deactivation']
 
+# Categorization of project manager permissions
+MANAGERS = ['General Manager', 'Access Manager', 'Data Manager']
+ACCESS_MANAGERS = ['General Manager', 'Access Manager']
+DATA_MANAGERS = ['General Manager', 'Data Manager']
+
 #------------------------------------------------------------------------------
 # DjangoQ settings
 #------------------------------------------------------------------------------
diff --git a/coldfront/core/allocation/models.py b/coldfront/core/allocation/models.py
index f1530b173..68992463f 100644
--- a/coldfront/core/allocation/models.py
+++ b/coldfront/core/allocation/models.py
@@ -467,10 +467,12 @@ def user_permissions(self, user):
 
         project_perms = self.project.user_permissions(user)
 
-        if ProjectPermission.PI in project_perms or ProjectPermission.MANAGER in project_perms:
+        if ProjectPermission.PI in project_perms or ProjectPermission.DATA_MANAGER in project_perms:
             return [AllocationPermission.USER, AllocationPermission.MANAGER]
 
-        if self.allocationuser_set.filter(user=user, status__name__in=['Active', 'New', ]).exists():
+        if self.project.projectuser_set.filter(user=user, status__name='Active').exists():
+            return [AllocationPermission.USER]
+        if self.allocationuser_set.filter(user=user, status__name__in=['Active', 'New']).exists():
             return [AllocationPermission.USER]
 
         return []
diff --git a/coldfront/core/allocation/templates/allocation/allocation_detail.html b/coldfront/core/allocation/templates/allocation/allocation_detail.html
index 5178ddfb2..b79348917 100644
--- a/coldfront/core/allocation/templates/allocation/allocation_detail.html
+++ b/coldfront/core/allocation/templates/allocation/allocation_detail.html
@@ -50,13 +50,13 @@ <h2>Allocation Detail</h2>
       <div class="col">
         <h3><i class="fas fa-list" aria-hidden="true"></i> Allocation Information</h3>
       </div>
-    {% if allocation.is_changeable and not allocation.is_locked and is_allowed_to_update_project and allocation.status.name in 'Active, Renewal Requested, Payment Pending, Payment Requested, Paid' %}
+      {% if allocation.is_changeable and not allocation.is_locked and is_allowed_to_update_project and allocation.status.name in 'Active, Renewal Requested, Payment Pending, Payment Requested, Paid' %}
       <div class="col">
         <a class="btn btn-primary" href="{% url 'allocation-change' allocation.pk %}" role="button" style="float: right;">
           Request Change
         </a>
       </div>
-    {% endif %}
+      {% endif %}
     </div>
   </div>
 
diff --git a/coldfront/core/allocation/tests/test_views.py b/coldfront/core/allocation/tests/test_views.py
index d5822c256..1a8ff5881 100644
--- a/coldfront/core/allocation/tests/test_views.py
+++ b/coldfront/core/allocation/tests/test_views.py
@@ -80,10 +80,8 @@ def setUpTestData(cls):
     def test_allocation_list_access_admin(self):
         """Confirm that AllocationList access control works for admin"""
         self.allocation_access_tstbase('/allocation/')
-
         # confirm that show_all_allocations=on enables admin to view all allocations
         response = self.client.get("/allocation/?show_all_allocations=on")
-
         self.assertEqual(len(response.context['item_list']), Allocation.objects.all().count())
 
     def test_allocation_list_access_pi(self):
@@ -96,6 +94,20 @@ def test_allocation_list_access_pi(self):
         response = self.client.get("/allocation/?show_all_allocations=on")
         self.assertEqual(len(response.context['item_list']), 1)
 
+    def test_allocation_list_access_manager(self):
+        """Confirm that AllocationList access control works for managers
+        When show_all_allocations=on, manager still sees only allocations belonging
+        to the projects they are manager for.
+        """
+        # confirm that show_all_allocations=on enables admin to view all allocations
+        self.client.force_login(self.proj_datamanager, backend=BACKEND)
+        response = self.client.get("/allocation/?show_all_allocations=on")
+        self.assertEqual(len(response.context['item_list']), 1)
+        # confirm that show_all_allocations=on enables admin to view all allocations
+        self.client.force_login(self.proj_accessmanager, backend=BACKEND)
+        response = self.client.get("/allocation/?show_all_allocations=on")
+        self.assertEqual(len(response.context['item_list']), 1)
+
     def test_allocation_list_access_user(self):
         """Confirm that AllocationList access control works for non-pi users
         When show_all_allocations=on, users see only the allocations they
@@ -116,13 +128,13 @@ def test_allocation_list_access_user(self):
         response = self.client.get("/allocation/?show_all_allocations=on")
         self.assertEqual(len(response.context['item_list']), 1)
 
-        # nonallocation user belonging to project can't see allocation
-        self.client.force_login(self.nonproj_nonallocation_user, backend=BACKEND)
+        # nonallocation user belonging to project can see allocation
+        self.client.force_login(self.proj_nonallocation_user, backend=BACKEND)
         response = self.client.get("/allocation/?show_all_allocations=on")
-        self.assertEqual(len(response.context['item_list']), 0)
+        self.assertEqual(len(response.context['item_list']), 1)
 
-        # nonallocation user belonging to project can't see allocation
-        self.client.force_login(self.proj_nonallocation_user, backend=BACKEND)
+        # nonallocation user not belonging to project can't see allocation
+        self.client.force_login(self.nonproj_nonallocation_user, backend=BACKEND)
         response = self.client.get("/allocation/?show_all_allocations=on")
         self.assertEqual(len(response.context['item_list']), 0)
 
@@ -143,20 +155,17 @@ def setUp(self):
         """create an AllocationChangeRequest to test"""
         self.client.force_login(self.admin_user, backend=BACKEND)
         AllocationChangeRequestFactory(id=2, allocation=self.proj_allocation)
+        self.url = reverse('allocation-change-detail', kwargs={'pk': 2})
 
     def test_allocationchangedetailview_access(self):
-        response = self.client.get(
-            reverse('allocation-change-detail', kwargs={'pk': 2})
-        )
+        response = self.client.get(self.url)
         self.assertEqual(response.status_code, 200)
 
     def test_allocationchangedetailview_post_permissions_admin(self):
         """Test post request"""
         param = {'action': 'deny'}
         self.client.force_login(self.admin_user, backend=BACKEND)
-        response = self.client.post(
-            reverse('allocation-change-detail', kwargs={'pk': 2}), param, follow=True
-        )
+        response = self.client.post(self.url, param, follow=True)
         alloc_change_req = AllocationChangeRequest.objects.get(pk=2)
         self.assertEqual(alloc_change_req.status_id, 3)
 
@@ -164,9 +173,7 @@ def test_allocationchangedetailview_post_permissions_pi(self):
         """pi can't post changes"""
         param = {'action': 'deny'}
         self.client.force_login(self.pi_user, backend=BACKEND)
-        self.client.post(
-            reverse('allocation-change-detail', kwargs={'pk': 2}), param, follow=True
-        )
+        self.client.post(self.url, param, follow=True)
         alloc_change_req = AllocationChangeRequest.objects.get(pk=2)
         self.assertNotEqual(alloc_change_req.status_id, 3)
 
@@ -174,18 +181,13 @@ def test_allocationchangedetailview_post_permissions_normaluser(self):
         """normal user can't post changes"""
         param = {'action': 'deny'}
         self.client.force_login(self.proj_allocation_user, backend=BACKEND)
-        self.client.post(
-            reverse('allocation-change-detail', kwargs={'pk': 2}), param, follow=True
-        )
+        self.client.post(self.url, param, follow=True)
         alloc_change_req = AllocationChangeRequest.objects.get(pk=2)
         self.assertNotEqual(alloc_change_req.status_id, 3)
 
-
     def test_allocationchangedetailview_post_deny(self):
         param = {'action': 'deny'}
-        response = self.client.post(
-            reverse('allocation-change-detail', kwargs={'pk': 2}), param, follow=True
-        )
+        response = self.client.post(self.url, param, follow=True)
         self.assertEqual(response.status_code, 200)
         alloc_change_req = AllocationChangeRequest.objects.get(pk=2)
         self.assertEqual(alloc_change_req.status_id, 3)
@@ -193,14 +195,10 @@ def test_allocationchangedetailview_post_deny(self):
     def test_allocationchangedetailview_post_approve(self):
         # with nothing changed, should get error message of "You must make a change to the allocation."
         param = {'action': 'approve'}
-        response = self.client.post(
-            reverse('allocation-change-detail', kwargs={'pk': 2}), param, follow=True
-        )
+        response = self.client.post(self.url, param, follow=True)
         self.assertEqual(response.status_code, 200)
         messages = list(response.context['messages'])
         self.assertEqual(str(messages[0]), "You must make a change to the allocation.")
-        # alloc_change_req = AllocationChangeRequest.objects.get(pk=2)
-        # self.assertEqual(alloc_change_req.status_id, 2)
 
 
 class AllocationChangeViewTest(AllocationViewBaseTest):
@@ -218,6 +216,7 @@ def setUp(self):
             'end_date_extension': 0,
         }
         self.url = '/allocation/1/change-request'
+        self.success_msg = "Allocation change request successfully submitted."
 
     def test_allocationchangeview_access(self):
         """Test get request"""
@@ -230,14 +229,11 @@ def test_allocationchangeview_post_permissions(self):
         self.post_data['attributeform-0-new_value'] = '1000'
         self.client.force_login(self.admin_user, backend=BACKEND)
         response = self.client.post(self.url, data=self.post_data, follow=True)
-        self.assertContains(
-            response, "Allocation change request successfully submitted."
-        )
+
+        self.assertContains(response, self.success_msg)
         self.client.force_login(self.pi_user, backend=BACKEND)
         response = self.client.post(self.url, data=self.post_data, follow=True)
-        self.assertContains(
-            response, "Allocation change request successfully submitted."
-        )
+        self.assertContains(response, self.success_msg)
 
         self.client.force_login(self.proj_allocation_user, backend=BACKEND)
         response = self.client.post(self.url, data=self.post_data, follow=True)
@@ -245,50 +241,33 @@ def test_allocationchangeview_post_permissions(self):
 
     def test_allocationchangeview_post_extension(self):
         """Test post request to extend end date"""
-
         self.post_data['end_date_extension'] = 90
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 0)
-        response = self.client.post(
-            '/allocation/1/change-request', data=self.post_data, follow=True
-        )
+        response = self.client.post(self.url, data=self.post_data, follow=True)
         self.assertEqual(response.status_code, 200)
-        self.assertContains(
-            response, "Allocation change request successfully submitted."
-        )
+        self.assertContains(response, self.success_msg)
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 1)
 
     def test_allocationchangeview_post_no_change(self):
         """Post request with no change should not go through"""
-
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 0)
-
-        response = self.client.post(
-            '/allocation/1/change-request', data=self.post_data, follow=True
-        )
+        response = self.client.post(self.url, data=self.post_data, follow=True)
         self.assertContains(response, "You must request a change")
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 0)
 
     def test_allocationchangeview_post_more_tb(self):
         """Post request with more TB should go through"""
-
         self.post_data['attributeform-0-new_value'] = '1000'
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 0)
-        response = self.client.post(
-            '/allocation/1/change-request', data=self.post_data, follow=True
-        )
-        self.assertContains(
-            response, "Allocation change request successfully submitted."
-        )
+        response = self.client.post(self.url, data=self.post_data, follow=True)
+        self.assertContains(response, self.success_msg)
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 1)
 
     def test_allocationchangeview_post_more_tb_decimal(self):
         """Post request for more TB with decimal should not go through"""
-
         self.post_data['attributeform-0-new_value'] = '1000.1'
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 0)
-        response = self.client.post(
-            '/allocation/1/change-request', data=self.post_data, follow=True
-        )
+        response = self.client.post(self.url, data=self.post_data, follow=True)
         self.assertContains(response, "Value must be an integer.")
         self.assertEqual(len(AllocationChangeRequest.objects.all()), 0)
 
@@ -302,7 +281,7 @@ def setUp(self):
     def test_allocation_detail_access(self):
         self.allocation_access_tstbase(self.url)
         utils.test_user_can_access(self, self.pi_user, self.url)  # PI can access
-        utils.test_user_cannot_access(self, self.proj_nonallocation_user, self.url)
+        utils.test_user_can_access(self, self.proj_nonallocation_user, self.url)
         # check access for allocation user with "Removed" status
 
     def test_allocation_detail_template_value_render(self):
@@ -319,41 +298,35 @@ def test_allocation_detail_template_value_render(self):
 
     def test_allocationdetail_requestchange_button(self):
         """Test visibility of "Request Change" button for different user types"""
-        utils.page_contains_for_user(self, self.admin_user, self.url, 'Request Change')
-        utils.page_contains_for_user(self, self.pi_user, self.url, 'Request Change')
+        search_text = 'Request Change'
+        utils.page_contains_for_user(self, self.admin_user, self.url, search_text)
+        utils.page_contains_for_user(self, self.pi_user, self.url, search_text)
+        utils.page_contains_for_user(self, self.proj_datamanager, self.url, search_text)
         utils.page_does_not_contain_for_user(
-            self, self.proj_allocation_user, self.url, 'Request Change'
-        )
+            self, self.proj_accessmanager, self.url, search_text)
+        utils.page_does_not_contain_for_user(
+            self, self.proj_allocation_user, self.url, search_text)
 
     def test_allocationattribute_button_visibility(self):
         """Test visibility of "Add Attribute" button for different user types"""
         # admin
-        utils.page_contains_for_user(
-            self, self.admin_user, self.url, 'Add Allocation Attribute'
-        )
-        utils.page_contains_for_user(
-            self, self.admin_user, self.url, 'Delete Allocation Attribute'
-        )
+        add_text = 'Add Allocation Attribute'
+        delete_text = 'Delete Allocation Attribute'
+        utils.page_contains_for_user(self, self.admin_user, self.url, add_text)
+        utils.page_contains_for_user(self, self.admin_user, self.url, delete_text)
         # pi
-        utils.page_does_not_contain_for_user(
-            self, self.pi_user, self.url, 'Add Allocation Attribute'
-        )
-        utils.page_does_not_contain_for_user(
-            self, self.pi_user, self.url, 'Delete Allocation Attribute'
-        )
+        utils.page_does_not_contain_for_user(self, self.pi_user, self.url, add_text)
+        utils.page_does_not_contain_for_user(self, self.pi_user, self.url, delete_text)
         # allocation user
         utils.page_does_not_contain_for_user(
-            self, self.proj_allocation_user, self.url, 'Add Allocation Attribute'
+            self, self.proj_allocation_user, self.url, add_text
         )
         utils.page_does_not_contain_for_user(
-            self, self.proj_allocation_user, self.url, 'Delete Allocation Attribute'
+            self, self.proj_allocation_user, self.url, delete_text
         )
 
     def test_allocationuser_button_visibility(self):
         """Test visibility of "Add/Remove Users" buttons for different user types"""
-        # admin
-        # utils.page_contains_for_user(self, self.admin_user, self.url, 'Add Users')
-        # utils.page_contains_for_user(self, self.admin_user, self.url, 'Remove Users')
         # we're removing these buttons for everybody, to avoid confusion re: procedure for user addition/removal
         utils.page_does_not_contain_for_user(
             self, self.admin_user, self.url, 'Add Users'
@@ -379,7 +352,7 @@ class AllocationCreateViewTest(AllocationViewBaseTest):
     """Tests for the AllocationCreateView"""
 
     def setUp(self):
-        self.url = f'/allocation/project/{self.project.pk}/create'  # url for AllocationCreateView
+        self.url = f'/allocation/project/{self.project.pk}/create' # url for AllocationCreateView
         self.client.force_login(self.pi_user)
         tier_restype = ResourceTypeFactory(name='Storage Tier')
         storage_tier = ResourceFactory(resource_type=tier_restype)
@@ -394,13 +367,14 @@ def test_allocationcreateview_access(self):
         """Test access to the AllocationCreateView"""
         self.allocation_access_tstbase(self.url)
         utils.test_user_can_access(self, self.pi_user, self.url)
+        utils.test_user_can_access(self, self.proj_datamanager, self.url)
+        utils.test_user_cannot_access(self, self.proj_accessmanager, self.url)
         utils.test_user_cannot_access(self, self.proj_nonallocation_user, self.url)
 
     def test_allocationcreateview_post(self):
         """Test POST to the AllocationCreateView"""
         self.assertEqual(len(self.project.allocation_set.all()), 1)
         response = self.client.post(self.url, data=self.post_data, follow=True)
-
         self.assertContains(response, "Allocation requested.")
         self.assertEqual(len(self.project.allocation_set.all()), 2)
 
@@ -428,10 +402,9 @@ def test_allocationcreateview_post_offerlettercode_valid(self):
 
     def test_allocationcreateview_post_bools(self):
         """ensure booleans are properly saved"""
-        self.post_data['additional_specifications'] = [
-            'Heavy IO', 'Mounted', 'External Sharing', 'High Security', 'DUA']
-        response = self.client.post(self.url, data=self.post_data, follow=True)
         aa_names = ['Heavy IO', 'Mounted', 'High Security', 'DUA', 'External Sharing']
+        self.post_data['additional_specifications'] = aa_names
+        response = self.client.post(self.url, data=self.post_data, follow=True)
         aa_objs = AllocationAttribute.objects.filter(
             allocation_attribute_type__name__in=aa_names
         )
@@ -443,7 +416,6 @@ def test_allocationcreateview_post_offerlettercode_multiplefield_invalid(self):
         response = self.client.post(self.url, data=self.post_data, follow=True)
         self.assertContains(response, "must either select an existing expense code or")
 
-
     def test_allocationcreateview_post_hsph_offerlettercode(self):
         """Ensure that form goes through if existing_expense_codes is checked"""
         self.post_data['existing_expense_codes'] = '000-000-000-000-000-000-000-000-000-000-000'
@@ -466,19 +438,7 @@ def setUp(self):
 
     def test_allocationaddusersview_access(self):
         self.allocation_access_tstbase(self.url)
-        no_permission = 'You do not have permission to add users to the allocation.'
-
-        self.client.force_login(self.admin_user, backend=BACKEND)
-        admin_response = self.client.get(self.url)
-        self.assertTrue(no_permission not in str(admin_response.content))
-
-        self.client.force_login(self.pi_user, backend=BACKEND)
-        pi_response = self.client.get(self.url)
-        self.assertTrue(no_permission not in str(pi_response.content))
-
-        self.client.force_login(self.proj_allocation_user, backend=BACKEND)
-        user_response = self.client.get(self.url)
-        self.assertTrue(no_permission in str(user_response.content))
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
 
 
 class AllocationRemoveUsersViewTest(AllocationViewBaseTest):
@@ -489,6 +449,7 @@ def setUp(self):
 
     def test_allocationremoveusersview_access(self):
         self.allocation_access_tstbase(self.url)
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
 
 
 class AllocationRequestListViewTest(AllocationViewBaseTest):
@@ -499,6 +460,7 @@ def setUp(self):
 
     def test_allocationrequestlistview_access(self):
         self.allocation_access_tstbase(self.url)
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
 
 
 class AllocationChangeListViewTest(AllocationViewBaseTest):
diff --git a/coldfront/core/allocation/views.py b/coldfront/core/allocation/views.py
index baa5a3a0c..f78a11608 100644
--- a/coldfront/core/allocation/views.py
+++ b/coldfront/core/allocation/views.py
@@ -217,7 +217,7 @@ def get_context_data(self, **kwargs):
 
         # Can the user update the project?
         project_update_perm = allocation_obj.project.has_perm(
-            self.request.user, ProjectPermission.UPDATE
+            self.request.user, ProjectPermission.DATA_MANAGER
         )
         context['is_allowed_to_update_project'] = project_update_perm
         context['allocation_users'] = allocation_users
@@ -464,8 +464,7 @@ def get_queryset(self):
                     # Q(project__projectuser__status__name='Active') &
                     # Q(project__projectuser__user=self.request.user) &
                     (
-                        (Q(project__projectuser__role__name='Manager') &
-                        Q(project__projectuser__user=self.request.user) )|
+                        Q(project__projectuser__user=self.request.user) |
                         Q(project__pi=self.request.user) |
                         (
                             Q(allocationuser__user=self.request.user)
@@ -544,7 +543,7 @@ class AllocationCreateView(LoginRequiredMixin, UserPassesTestMixin, FormView):
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('project_pk'))
-        if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
+        if project_obj.has_perm(self.request.user, ProjectPermission.DATA_MANAGER):
             return True
         err = 'You do not have permission to create a new allocation.'
         messages.error(self.request, err)
@@ -766,8 +765,7 @@ class AllocationAddUsersView(LoginRequiredMixin, UserPassesTestMixin, TemplateVi
 
     def test_func(self):
         """UserPassesTestMixin Tests"""
-        allocation_obj = get_object_or_404(Allocation, pk=self.kwargs.get('pk'))
-        if allocation_obj.has_perm(self.request.user, AllocationPermission.MANAGER):
+        if self.request.user.is_superuser:
             return True
         err = 'You do not have permission to add users to the allocation.'
         messages.error(self.request, err)
@@ -874,10 +872,8 @@ class AllocationRemoveUsersView(LoginRequiredMixin, UserPassesTestMixin, Templat
 
     def test_func(self):
         """UserPassesTestMixin Tests"""
-        allocation_obj = get_object_or_404(Allocation, pk=self.kwargs.get('pk'))
-        if allocation_obj.has_perm(self.request.user, AllocationPermission.MANAGER):
+        if self.request.user.is_superuser:
             return True
-
         err = 'You do not have permission to remove users from allocation.'
         messages.error(self.request, err)
         return False
@@ -1045,13 +1041,13 @@ def get_allocation_attrs_to_change(self, allocation_obj):
         return attributes_to_change
 
     def get(self, request, *args, **kwargs):
-        context = {}
         allocation_obj = get_object_or_404(Allocation, pk=self.kwargs.get('pk'))
+        attrs_to_change = self.get_allocation_attrs_to_change(allocation_obj)
+        context = {}
 
         form = AllocationChangeForm(**self.get_form_kwargs())
         context['form'] = form
 
-        attrs_to_change = self.get_allocation_attrs_to_change(allocation_obj)
         if attrs_to_change:
             formset = formset_factory(self.formset_class, max_num=len(attrs_to_change))
             formset = formset(initial=attrs_to_change, prefix='attributeform')
@@ -1067,7 +1063,6 @@ def get(self, request, *args, **kwargs):
         return render(request, self.template_name, context)
 
     def post(self, request, *args, **kwargs):
-        attribute_changes_to_make = set({})
         pk = self.kwargs.get('pk')
         allocation_obj = get_object_or_404(Allocation, pk=pk)
 
@@ -1097,9 +1092,6 @@ def post(self, request, *args, **kwargs):
                 messages.error(request, error)
             return HttpResponseRedirect(reverse('allocation-attribute-edit', kwargs={'pk': pk}))
 
-        # ID changes
-        change_requested = False
-
         if attrs_to_change:
             for entry in formset:
                 formset_data = entry.cleaned_data
@@ -1284,7 +1276,6 @@ def post(self, request, *args, **kwargs):
         return HttpResponseRedirect(reverse('allocation-detail', kwargs={'pk': pk}))
 
 
-
 class AllocationRenewView(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
     template_name = 'allocation/allocation_renew.html'
 
@@ -1536,7 +1527,7 @@ def get_context_data(self, **kwargs):
 
         # Can the user update the project?
         project_update_perm = allocation_obj.project.has_perm(
-            self.request.user, ProjectPermission.UPDATE
+            self.request.user, ProjectPermission.DATA_MANAGER
         )
         context['is_allowed_to_update_project'] = project_update_perm
         context['allocation_users'] = allocation_users
diff --git a/coldfront/core/grant/views.py b/coldfront/core/grant/views.py
index 695504a0d..6e46c1c0c 100644
--- a/coldfront/core/grant/views.py
+++ b/coldfront/core/grant/views.py
@@ -30,7 +30,7 @@ def test_func(self):
         if project_obj.pi == self.request.user:
             return True
 
-        if project_obj.projectuser_set.filter(user=self.request.user, role__name='Manager', status__name='Active').exists():
+        if project_obj.projectuser_set.filter(user=self.request.user, role__name__contains='Manager', status__name='Active').exists():
             return True
 
         messages.error(self.request, 'You do not have permission to add a new grant to this project.')
@@ -85,7 +85,9 @@ def test_func(self):
         if grant_obj.project.pi == self.request.user:
             return True
 
-        if grant_obj.project.projectuser_set.filter(user=self.request.user, role__name='Manager', status__name='Active').exists():
+        if grant_obj.project.projectuser_set.filter(
+            user=self.request.user, role__name__contains='Manager', status__name='Active'
+        ).exists():
             return True
 
         messages.error(self.request, 'You do not have permission to update grant from this project.')
@@ -113,7 +115,9 @@ def test_func(self):
         if project_obj.pi == self.request.user:
             return True
 
-        if project_obj.projectuser_set.filter(user=self.request.user, role__name='Manager', status__name='Active').exists():
+        if project_obj.projectuser_set.filter(
+            user=self.request.user, role__name__contains='Manager', status__name='Active'
+        ).exists():
             return True
 
         messages.error(self.request, 'You do not have permission to delete grants from this project.')
diff --git a/coldfront/core/portal/views.py b/coldfront/core/portal/views.py
index fe8608aae..5e08a60ed 100644
--- a/coldfront/core/portal/views.py
+++ b/coldfront/core/portal/views.py
@@ -18,10 +18,12 @@
 from coldfront.core.resource.models import Resource
 from coldfront.config.env import ENV
 from coldfront.core.department.models import Department, DepartmentMember
+from coldfront.core.utils.common import import_from_settings
 
 if ENV.bool('PLUGIN_SFTOCF', default=False):
     from coldfront.plugins.sftocf.utils import StarFishRedash, STARFISH_SERVER
 
+MANAGERS = import_from_settings('MANAGERS', ['Manager'])
 
 def home(request):
     context = {}
@@ -41,7 +43,7 @@ def home(request):
             Q(project__status__name__in=['Active', 'New']) &
             Q(project__projectuser__user=request.user) &
             Q(project__projectuser__status__name__in=['Active', ]) &
-                (Q(project__projectuser__role__name='Manager') |
+                (Q(project__projectuser__role__name__in=MANAGERS) |
                 Q(allocationuser__user=request.user) &
                 Q(allocationuser__status__name='Active'))
         ).distinct().order_by('-created')
@@ -51,7 +53,7 @@ def home(request):
             & Q(project__status__name__in=['Active', 'New']) & (
                 Q(project__pi=request.user) | (
                     Q(project__projectuser__user=request.user)
-                    & Q(project__projectuser__role__name='Manager')
+                    & Q(project__projectuser__role__name__in=MANAGERS)
                 )
             )
         )
diff --git a/coldfront/core/project/management/commands/add_default_project_choices.py b/coldfront/core/project/management/commands/add_default_project_choices.py
index d2ba4f8ae..9254c1681 100644
--- a/coldfront/core/project/management/commands/add_default_project_choices.py
+++ b/coldfront/core/project/management/commands/add_default_project_choices.py
@@ -18,7 +18,7 @@ def handle(self, *args, **options):
         for choice in ['Completed', 'Pending', ]:
             ProjectReviewStatusChoice.objects.get_or_create(name=choice)
 
-        for choice in ['User', 'Manager', ]:
+        for choice in ['User', 'General Manager', 'Data Manager', 'Access Manager']:
             ProjectUserRoleChoice.objects.get_or_create(name=choice)
 
         for choice in ['Active', 'Pending - Add', 'Pending - Remove', 'Denied', 'Removed', ]:
diff --git a/coldfront/core/project/models.py b/coldfront/core/project/models.py
index 653f6beec..2085da5ed 100644
--- a/coldfront/core/project/models.py
+++ b/coldfront/core/project/models.py
@@ -13,14 +13,17 @@
 from coldfront.core.utils.common import import_from_settings
 
 PROJECT_ENABLE_PROJECT_REVIEW = import_from_settings('PROJECT_ENABLE_PROJECT_REVIEW', False)
+DATA_MANAGERS = import_from_settings('DATA_MANAGERS', ['Manager'])
+ACCESS_MANAGERS = import_from_settings('ACCESS_MANAGERS', ['Manager'])
+MANAGERS = import_from_settings('MANAGERS', ['Manager'])
 
 class ProjectPermission(Enum):
     """ A project permission stores the user, manager, pi, and update fields of a project. """
 
     USER = 'user'
-    MANAGER = 'manager'
+    DATA_MANAGER = 'data_manager'
+    ACCESS_MANAGER = 'access_manager'
     PI = 'pi'
-    UPDATE = 'update'
 
 class ProjectStatusChoice(TimeStampedModel):
     """ A project status choice indicates the status of the project. Examples include Active, Archived, and New.
@@ -193,16 +196,20 @@ def user_permissions(self, user):
 
         permissions = [ProjectPermission.USER]
 
-        if self.projectuser_set.filter(user_conditions & models.Q(role__name='Manager')).exists():
-            permissions.append(ProjectPermission.MANAGER)
+        if (
+            self.projectuser_set.filter(user_conditions & models.Q(role__name__in=DATA_MANAGERS)).exists()
+            or self.pi.id == user.id
+        ):
+            permissions.append(ProjectPermission.DATA_MANAGER)
 
+        if (
+            self.projectuser_set.filter(user_conditions & models.Q(role__name__in=ACCESS_MANAGERS)).exists()
+            or self.pi.id == user.id
+        ):
+            permissions.append(ProjectPermission.ACCESS_MANAGER)
 
         if self.pi.id == user.id:
             permissions.append(ProjectPermission.PI)
-
-        if ProjectPermission.MANAGER in permissions or ProjectPermission.PI in permissions:
-            permissions.append(ProjectPermission.UPDATE)
-
         return permissions
 
     def has_perm(self, user, perm):
diff --git a/coldfront/core/project/templates/project/project_detail.html b/coldfront/core/project/templates/project/project_detail.html
index a6afc46db..11c7dbdcf 100644
--- a/coldfront/core/project/templates/project/project_detail.html
+++ b/coldfront/core/project/templates/project/project_detail.html
@@ -354,7 +354,7 @@ <h3 class="d-inline" id="users"><i class="fas fa-users" aria-hidden="true"></i>
                   name="email_notifications_checkbox"
                   value="{{ user.enable_notifications }}"
                   {% if user.enable_notifications %} checked {% endif %}
-                  {% if user.role.name == "Manager" %} disabled {% endif %}
+                  {% if user.role.name == "Access Manager" %} disabled {% endif %}
                   {% if not request.user.is_superuser and user.role.name == "User" and request.user == user.user %} disabled {% endif %}>
                 {% elif request.user == user.user %}
                   <input type="checkbox"
@@ -372,7 +372,7 @@ <h3 class="d-inline" id="users"><i class="fas fa-users" aria-hidden="true"></i>
                 {% endif %}
               </td>
               <td>
-                {% if is_allowed_to_update_project %}
+                {% if is_allowed_to_update_users %}
                   <a href="{% url 'project-user-detail' project.pk user.id %}"><i class="fas fa-user-edit" aria-hidden="true"></i><span class="sr-only">Edit</span></a>
                 {% endif %}
               </td>
@@ -385,8 +385,8 @@ <h3 class="d-inline" id="users"><i class="fas fa-users" aria-hidden="true"></i>
 </div>
 <!-- End Project Users -->
 
-{% comment %}
 <!-- Start Project Attributes -->
+{% if request.user.is_superuser %}
 <div class="card mb-3">
   <div class="card-header">
     <h3 class="d-inline"><i class="fas fa-info-circle" aria-hidden="true"></i> Attributes</h3> <span class="badge badge-secondary">{{attributes.count}}</span>
@@ -451,9 +451,11 @@ <h4 class="card-title">{{attribute}}</h4>
     {% endif %}
   </div>
 </div>
+{% endif %}
 
 <!-- End Project Attributes -->
 
+{% comment %}
 <!-- Start Project Grants -->
 <div style="display:none" class="card mb-3">
   <div class="card-header">
diff --git a/coldfront/core/project/templates/project/project_user_detail.html b/coldfront/core/project/templates/project/project_user_detail.html
index 503f001db..7c6ae8cb2 100644
--- a/coldfront/core/project/templates/project/project_user_detail.html
+++ b/coldfront/core/project/templates/project/project_user_detail.html
@@ -53,7 +53,13 @@ <h3>Project: {{project.title}}</h3>
           {% else %}
             <tr>
               <th scope="row">Role:</th>
-              <td>{{project_user_update_form.role}}</td>
+              <td>{{project_user_update_form.role}}<br/><br/>
+                <b>Users</b> can view information about their project and the project's related allocations.<br/>
+                <b>Access Managers</b> have the permissions to manage group membership and permissions.<br/>
+                <b>Data Managers</b> have the permissions to make allocation requests.<br/>
+                <b>General Managers</b> have all the permissions of a PI.<br/>
+                <b>PIs</b> have permissions to manage the project and its related allocations, regardless of their assigned projectuser role.<br/>
+              </td>
             </tr>
             <tr>
               <th scope="row">Notifications On:</th>
diff --git a/coldfront/core/project/test_views.py b/coldfront/core/project/test_views.py
index d70297a69..5bc6bbb4c 100644
--- a/coldfront/core/project/test_views.py
+++ b/coldfront/core/project/test_views.py
@@ -1,6 +1,7 @@
 import logging
 
 from django.test import TestCase, tag
+from django.urls import reverse
 
 from coldfront.core.test_helpers import utils
 from coldfront.core.test_helpers.factories import (
@@ -11,12 +12,14 @@
     ProjectStatusChoiceFactory,
     ProjectAttributeTypeFactory,
 )
-from coldfront.core.project.models import ProjectUserStatusChoice, Project
+from coldfront.core.project.models import (
+    Project,
+    ProjectStatusChoice,
+    ProjectUserStatusChoice,
+)
 
 logging.disable(logging.CRITICAL)
 
-
-
 UTIL_FIXTURES = [
         "coldfront/core/test_helpers/test_data/test_fixtures/ifx.json",
 ]
@@ -96,7 +99,7 @@ def test_projectdetail_access(self):
         utils.test_user_cannot_access(self, self.nonproject_user, self.url)
 
     def test_projectdetail_permissions(self):
-        """Test project detail page access permissions"""
+        """Test ProjectDetail page access permissions"""
         # admin has is_allowed_to_update_project set to True
         response = utils.login_and_get_page(self.client, self.admin_user, self.url)
         self.assertEqual(response.context['is_allowed_to_update_project'], True)
@@ -110,37 +113,65 @@ def test_projectdetail_permissions(self):
         self.assertEqual(response.context['is_allowed_to_update_project'], False)
 
     def test_projectdetail_request_allocation_button_visibility(self):
-        """Test visibility of project detail request allocation button to different projectuser levels"""
-        utils.page_contains_for_user(self, self.admin_user, self.url, 'Request New Storage Allocation') # admin can see request allocation button
+        """Test ProjectDetail request allocation button visibility to different projectuser roles"""
+        button_text = 'Request New Storage Allocation'
+        utils.page_contains_for_user(self, self.admin_user, self.url, button_text) # admin can see request allocation button
 
-        utils.page_contains_for_user(self, self.pi_user, self.url, 'Request New Storage Allocation') # pi can see request allocation button
+        utils.page_contains_for_user(self, self.pi_user, self.url, button_text) # pi can see request allocation button
 
-        response = utils.login_and_get_page(self.client, self.project_user, self.url)
-        self.assertNotContains(response, 'Request New Storage Allocation') # non-manager user cannot see request allocation button
+        # data manager can see request allocation button
+        utils.page_contains_for_user(self, self.proj_datamanager, self.url, button_text)
+        # access manager cannot see request allocation button
+        utils.page_does_not_contain_for_user(self, self.proj_accessmanager, self.url, button_text)
+
+        utils.page_does_not_contain_for_user(self, self.project_user, self.url, button_text) # non-manager user cannot see request allocation button
 
     def test_projectdetail_edituser_button_visibility(self):
-        """Test visibility of project detail edit button to different projectuser levels"""
+        """Test ProjectDetail edit button visibility to different projectuser roles"""
         utils.page_contains_for_user(self, self.admin_user, self.url, 'fa-user-edit') # admin can see edit button
-
         utils.page_contains_for_user(self, self.pi_user, self.url, 'fa-user-edit') # pi can see edit button
-
         utils.page_does_not_contain_for_user(self, self.project_user, self.url, 'fa-user-edit') # non-manager user cannot see edit button
-
-    # def test_projectdetail_addattribute_button_visibility(self):
-    #     """Test visibility of project detail add attribute button to different projectuser levels"""
-    #     utils.page_contains_for_user(self, self.admin_user, self.url, 'Add Attribute') # admin can see add attribute button
-    #
-    #     utils.page_does_not_contain_for_user(self, self.pi_user, self.url, 'Add Attribute') # pi cannot see add attribute button
-    #
-    #     utils.page_does_not_contain_for_user(self, self.project_user, self.url, 'Add Attribute') # non-manager user cannot see add attribute button
+        # access manager can see edit button
+        utils.page_contains_for_user(self, self.proj_accessmanager, self.url, 'fa-user-edit')
+        # data manager cannot see edit button
+        utils.page_does_not_contain_for_user(self, self.proj_datamanager, self.url, 'fa-user-edit')
+
+    def test_projectdetail_addattribute_button_visibility(self):
+        """Test ProjectDetail add attribute button visibility to different projectuser roles"""
+        search_text = 'Add Attribute'
+        utils.page_contains_for_user(self, self.admin_user, self.url, search_text) # admin can see add attribute button
+        utils.page_does_not_contain_for_user(self, self.pi_user, self.url, search_text) # pi cannot see add attribute button
+        utils.page_does_not_contain_for_user(self, self.project_user, self.url, search_text) # non-manager user cannot see add attribute button
 
     def test_projectdetail_addnotification_button_visibility(self):
-        """Test visibility of project detail add notification button to different projectuser levels"""
-        utils.page_contains_for_user(self, self.admin_user, self.url, 'Add Notification') # admin can see add notification button
+        """Test ProjectDetail add notification button visibility to different projectuser roles"""
+        search_text = 'Add Notification'
+        utils.page_contains_for_user(self, self.admin_user, self.url, search_text) # admin can see add notification button
+        utils.page_does_not_contain_for_user(self, self.pi_user, self.url, search_text) # pi cannot see add notification button
+        utils.page_does_not_contain_for_user(self, self.project_user, self.url, search_text) # non-manager user cannot see add notification button
+        # access manager cannot see add notification button
+        utils.page_does_not_contain_for_user(self, self.proj_accessmanager, self.url, search_text)
+        # data manager cannot see add notification button
+        utils.page_does_not_contain_for_user(self, self.proj_datamanager, self.url, search_text)
 
-        utils.page_does_not_contain_for_user(self, self.pi_user, self.url, 'Add Notification') # pi cannot see add notification button
 
-        utils.page_does_not_contain_for_user(self, self.project_user, self.url, 'Add Notification') # non-manager user cannot see add notification button
+class ProjectArchiveProjectViewTest(ProjectViewTestBase):
+    """Tests for project archive project view"""
+
+    @classmethod
+    def setUpTestData(cls):
+        """Set up users and project for testing"""
+        super(ProjectArchiveProjectViewTest, cls).setUpTestData()
+        cls.url = f'/project/{cls.project.pk}/archive'
+
+    def test_project_archive_project_access(self):
+        """Test access to project archive project page"""
+        # logged-out user gets redirected, admin can access archive project page
+        self.project_access_tstbase(self.url)
+        # pi, projectuser and nonproject user cannot access archive project page
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
+        utils.test_user_cannot_access(self, self.project_user, self.url)
+        utils.test_user_cannot_access(self, self.nonproject_user, self.url)
 
 
 class ProjectCreateTest(ProjectViewTestBase):
@@ -177,8 +208,8 @@ def test_project_access(self):
         """Test access to project attribute create page"""
         # logged-out user gets redirected, admin can access create page
         self.project_access_tstbase(self.url)
-        # pi can access create page
-        utils.test_user_can_access(self, self.pi_user, self.url)
+        # pi cannot access create page
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
         # project user and nonproject user cannot access create page
         utils.test_user_cannot_access(self, self.project_user, self.url)
         utils.test_user_cannot_access(self, self.nonproject_user, self.url)
@@ -239,8 +270,8 @@ def setUpTestData(cls):
     def test_project_attribute_update_access(self):
         """Test access to project attribute update page"""
         self.project_access_tstbase(self.url)
-        utils.test_user_can_access(self, self.pi_user, self.url)
         # project user, pi, and nonproject user cannot access update page
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
         utils.test_user_cannot_access(self, self.project_user, self.url)
         utils.test_user_cannot_access(self, self.nonproject_user, self.url)
 
@@ -259,9 +290,8 @@ def test_project_attribute_delete_access(self):
         """test access to project attribute delete page"""
         # logged-out user gets redirected, admin can access delete page
         self.project_access_tstbase(self.url)
-        # pi can access delete page
-        utils.test_user_can_access(self, self.pi_user, self.url)
-        # project user and nonproject user cannot access delete page
+        # pi, project user and nonproject user cannot access delete page
+        utils.test_user_cannot_access(self, self.pi_user, self.url)
         utils.test_user_cannot_access(self, self.project_user, self.url)
         utils.test_user_cannot_access(self, self.nonproject_user, self.url)
 
@@ -316,7 +346,6 @@ def test_project_list_displayall_permission_project_user(self):
         response = utils.login_and_get_page(self.client, self.project_user, url)
         self.assertEqual(len(response.context['object_list']), 1)
 
-
     ### ProjectListView search tests ###
 
     def test_project_list_search(self):
@@ -333,18 +362,33 @@ def test_project_list_search_pagination(self):
         response = utils.login_and_get_page(self.client, self.admin_user, url)
 
 
-
 class ProjectRemoveUsersViewTest(ProjectViewTestBase):
     """Tests for ProjectRemoveUsersView"""
+
     def setUp(self):
-        """set up users and project for testing"""
-        self.url = f'/project/{self.project.pk}/remove-users/'
+        """Set up users and project for testing"""
+        super().setUp()
+        self.url = reverse('project-remove-users', kwargs={'pk': self.project.pk})
+        self.project_user = self.proj_allocation_user
+        self.nonproject_user = self.nonproj_allocation_user
 
     @tag('net')
     def test_projectremoveusersview_access(self):
         """test access to project remove users page"""
         self.project_access_tstbase(self.url)
 
+    @tag('net')
+    def test_pi_user_cannot_be_removed(self):
+        """Test that the project PI cannot be removed"""
+        self.client.force_login(self.pi_user)
+
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        context = response.context
+
+        users_to_remove = context['formset'].initial
+        self.assertNotIn(self.pi_user.username, [u['username'] for u in users_to_remove])
+
 
 class ProjectUpdateViewTest(ProjectViewTestBase):
     """Tests for ProjectUpdateView"""
@@ -399,6 +443,10 @@ def setUp(self):
     def test_projectadduserssearchview_access(self):
         """test access to project add users search page"""
         self.project_access_tstbase(self.url)
+        utils.test_user_can_access(self, self.pi_user, self.url)# pi can access
+        utils.test_user_can_access(self, self.proj_accessmanager, self.url)# access manager can access
+        utils.test_user_cannot_access(self, self.proj_datamanager, self.url)# data manager cannot access
+        utils.test_user_cannot_access(self, self.proj_allocation_user, self.url)# user cannot access
 
 
 class ProjectUserDetailViewTest(ProjectViewTestBase):
diff --git a/coldfront/core/project/utils.py b/coldfront/core/project/utils.py
index 95441e683..836787f77 100644
--- a/coldfront/core/project/utils.py
+++ b/coldfront/core/project/utils.py
@@ -16,7 +16,7 @@ def add_project_status_choices(apps, schema_editor):
 def add_project_user_role_choices(apps, schema_editor):
     ProjectUserRoleChoice = apps.get_model('project', 'ProjectUserRoleChoice')
 
-    for choice in ['User', 'Manager', ]:
+    for choice in ['User', 'Data Manager', 'General Manager', 'Access Manager']:
         ProjectUserRoleChoice.objects.get_or_create(name=choice)
 
 
diff --git a/coldfront/core/project/views.py b/coldfront/core/project/views.py
index eafc85fea..b6bfc4369 100644
--- a/coldfront/core/project/views.py
+++ b/coldfront/core/project/views.py
@@ -134,7 +134,10 @@ def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         # Can the user update the project?
         context['is_allowed_to_update_project'] = self.object.has_perm(
-            self.request.user, ProjectPermission.MANAGER
+            self.request.user, ProjectPermission.DATA_MANAGER
+        )
+        context['is_allowed_to_update_users'] = self.object.has_perm(
+            self.request.user, ProjectPermission.ACCESS_MANAGER
         )
 
         if self.request.user.is_superuser:
@@ -189,7 +192,7 @@ def get_context_data(self, **kwargs):
                 allocations = allocations.filter(
                     Q(project__projectuser__user=self.request.user)
                 )
-                if not self.object.has_perm(self.request.user, ProjectPermission.MANAGER):
+                if not self.object.has_perm(self.request.user, ProjectPermission.DATA_MANAGER):
                     allocations = allocations.filter(
                         Q(allocationuser__user=self.request.user)
                     )
@@ -351,10 +354,10 @@ class ProjectArchiveProjectView(LoginRequiredMixin, UserPassesTestMixin, Templat
 
     def test_func(self):
         """UserPassesTestMixin Tests"""
-        # project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        # if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
         if self.request.user.is_superuser:
             return True
+        error_message = 'You do not have permission to archive a project.'
+        messages.error(self.request, error_message)
         return False
 
     def get_context_data(self, **kwargs):
@@ -438,7 +441,7 @@ class ProjectUpdateView(
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
+        if project_obj.has_perm(self.request.user, ProjectPermission.DATA_MANAGER):
             return True
         return False
 
@@ -460,8 +463,7 @@ class ProjectAddUsersSearchView(LoginRequiredMixin, UserPassesTestMixin, Templat
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        # if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
-        if self.request.user.is_superuser or self.request.user == project_obj.pi:
+        if project_obj.has_perm(self.request.user, ProjectPermission.ACCESS_MANAGER):
             return True
         return False
 
@@ -489,8 +491,7 @@ class ProjectAddUsersSearchResultsView(
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        # if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
-        if self.request.user.is_superuser or self.request.user == project_obj.pi:
+        if project_obj.has_perm(self.request.user, ProjectPermission.ACCESS_MANAGER):
             return True
         return False
 
@@ -562,8 +563,7 @@ class ProjectAddUsersView(LoginRequiredMixin, UserPassesTestMixin, View):
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        # if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
-        if self.request.user.is_superuser or self.request.user == project_obj.pi:
+        if project_obj.has_perm(self.request.user, ProjectPermission.ACCESS_MANAGER):
             return True
         err = 'You do not have permission to add users to the project.'
         messages.error(self.request, err)
@@ -721,9 +721,10 @@ class ProjectRemoveUsersView(LoginRequiredMixin, UserPassesTestMixin, TemplateVi
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        # if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
-        if self.request.user.is_superuser or self.request.user == project_obj.pi:
+        if project_obj.has_perm(self.request.user, ProjectPermission.ACCESS_MANAGER):
             return True
+        err = 'You do not have permission to remove users from the project.'
+        messages.error(self.request, err)
         return False
 
     def dispatch(self, request, *args, **kwargs):
@@ -878,8 +879,10 @@ class ProjectUserDetail(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
+        if project_obj.has_perm(self.request.user, ProjectPermission.ACCESS_MANAGER):
             return True
+        err = 'You do not have permission to edit project users.'
+        messages.error(self.request, err)
         return False
 
     def get(self, request, *args, **kwargs):
@@ -962,7 +965,7 @@ def project_update_email_notification(request):
 
     allowed = False
 
-    if project_obj.has_perm(request.user, ProjectPermission.UPDATE):
+    if project_obj.has_perm(request.user, ProjectPermission.ACCESS_MANAGER):
         allowed = True
     if project_user_obj.user == request.user:
         allowed = True
@@ -989,7 +992,7 @@ class ProjectReviewView(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
     def test_func(self):
         """UserPassesTestMixin Tests"""
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-        if project_obj.has_perm(self.request.user, ProjectPermission.UPDATE):
+        if project_obj.has_perm(self.request.user, ProjectPermission.DATA_MANAGER):
             return True
         messages.error(
             self.request, 'You do not have permissions to review this project.'
@@ -1226,20 +1229,10 @@ class ProjectAttributeCreateView(LoginRequiredMixin, UserPassesTestMixin, Create
 
     def test_func(self):
         """UserPassesTestMixin Tests"""
-        project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-
         if self.request.user.is_superuser:
             return True
-        if project_obj.pi == self.request.user:
-            return True
-        if project_obj.projectuser_set.filter(
-            user=self.request.user, role__name='Manager', status__name='Active'
-        ).exists():
-            return True
-
-        messages.error(
-            self.request, 'You do not have permission to add project attributes.'
-        )
+        err = 'You do not have permission to add project attributes.'
+        messages.error(self.request, err)
         return False
 
     def get_initial(self):
@@ -1272,21 +1265,9 @@ class ProjectAttributeDeleteView(LoginRequiredMixin, UserPassesTestMixin, Templa
 
     def test_func(self):
         """UserPassesTestMixin Tests"""
-
-        project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-
         if self.request.user.is_superuser:
             return True
-
-        if project_obj.pi == self.request.user:
-            return True
-
-        if project_obj.projectuser_set.filter(
-            user=self.request.user, role__name='Manager', status__name='Active'
-        ).exists():
-            return True
-
-        err = 'You do not have permission to add project attributes.'
+        err = 'You do not have permission to remove project attributes.'
         messages.error(self.request, err)
 
     def get_avail_attrs(self, project_obj):
@@ -1358,18 +1339,11 @@ class ProjectAttributeUpdateView(LoginRequiredMixin, UserPassesTestMixin, Templa
 
     def test_func(self):
         """UserPassesTestMixin Tests"""
-        project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
-
         if self.request.user.is_superuser:
             return True
-
-        if project_obj.pi == self.request.user:
-            return True
-
-        if project_obj.projectuser_set.filter(
-            user=self.request.user, role__name='Manager', status__name='Active'
-        ).exists():
-            return True
+        err = 'You do not have permission to update project attributes.'
+        messages.error(self.request, err)
+        return False
 
     def get(self, request, *args, **kwargs):
         project_obj = get_object_or_404(Project, pk=self.kwargs.get('pk'))
@@ -1392,7 +1366,6 @@ def get(self, request, *args, **kwargs):
             context['project_obj'] = project_obj
             context['project_attribute_update_form'] = project_attribute_update_form
             context['project_attribute_obj'] = project_attribute_obj
-
             return render(request, self.template_name, context)
 
     def post(self, request, *args, **kwargs):
diff --git a/coldfront/core/test_helpers/factories.py b/coldfront/core/test_helpers/factories.py
index ce689e1ba..ffb336ea8 100644
--- a/coldfront/core/test_helpers/factories.py
+++ b/coldfront/core/test_helpers/factories.py
@@ -40,7 +40,7 @@
 ### Default values and Faker provider setup ###
 
 project_status_choice_names = ['New', 'Active', 'Archived']
-project_user_role_choice_names = ['User', 'Manager']
+project_user_role_choice_names = ['User', 'Access Manager', 'General Manager', 'Data Manager']
 field_of_science_names = ['Physics', 'Chemistry', 'Economics', 'Biology', 'Sociology']
 attr_types = ['Date', 'Int', 'Float', 'Text', 'Boolean']
 
@@ -83,6 +83,7 @@ class Meta:
     is_superuser = False
 
 
+
 ### Field of Science factories ###
 
 class FieldOfScienceFactory(DjangoModelFactory):
@@ -367,6 +368,8 @@ def setup_models(test_case):
     # pi is a project admin but not an AllocationUser.
     test_case.pi_user = UserFactory(username='sdpoisson')
     test_case.proj_allocation_user = UserFactory(username='ljbortkiewicz')
+    test_case.proj_datamanager = UserFactory(username='ajayer')
+    test_case.proj_accessmanager = UserFactory(username='mdavis')
     test_case.proj_nonallocation_user = UserFactory(username='wkohn')
     test_case.nonproj_allocation_user = UserFactory(username='jsaul')
     test_case.project = ProjectFactory(pi=test_case.pi_user, title="poisson_lab")
@@ -394,13 +397,15 @@ def setup_models(test_case):
     for user in [test_case.proj_allocation_user, test_case.nonproj_allocation_user]:
         AllocationUserFactory(user=user, allocation=test_case.proj_allocation)
 
-    manager_role = ProjectUserRoleChoiceFactory(name='Manager')
+    for user, role in {
+        test_case.pi_user:'General Manager',
+        test_case.proj_datamanager: 'Data Manager',
+        test_case.proj_accessmanager: 'Access Manager',
+        test_case.proj_nonallocation_user: 'User',
+    }.items():
+        ProjectUserFactory(
+            user=user, project=test_case.project, role=ProjectUserRoleChoiceFactory(name=role)
+        )
 
-    ProjectUserFactory(
-        user=test_case.pi_user, project=test_case.project, role=manager_role
-    )
     test_case.npu = ProjectUserFactory(user=test_case.proj_allocation_user, project=test_case.project)
     test_case.normal_projuser = test_case.npu.user
-    ProjectUserFactory(
-        user=test_case.proj_nonallocation_user, project=test_case.project
-    )
diff --git a/coldfront/core/test_helpers/fasrc_factories.py b/coldfront/core/test_helpers/fasrc_factories.py
index a003cd693..07f6e7ca1 100644
--- a/coldfront/core/test_helpers/fasrc_factories.py
+++ b/coldfront/core/test_helpers/fasrc_factories.py
@@ -89,6 +89,12 @@ def setup_departments(test_case):
         last_name='Ostrom',
         full_name='Elinor Ostrom',
     )
+    test_case.dept_member_user = UserFactory(
+        username='jdewey',
+        first_name='John',
+        last_name='Dewey',
+        full_name='John Dewey',
+    )
 
     test_case.school = OrganizationFactory(
         name='School of Maths and Sciences',
@@ -101,13 +107,6 @@ def setup_departments(test_case):
         org_tree='Research Computing Storage Billing',
     )
 
-
-    test_case.dept_member_user = UserFactory(
-        username='jdoe',
-        first_name='John',
-        last_name='Doe',
-        full_name='John Doe',
-    )
     ProjectFactory()
     for project in Project.objects.all():
         project_title = project.title
diff --git a/coldfront/core/user/templates/user/user_projects_managers.html b/coldfront/core/user/templates/user/user_projects_managers.html
index 951a2ffdc..a4bf7a94e 100644
--- a/coldfront/core/user/templates/user/user_projects_managers.html
+++ b/coldfront/core/user/templates/user/user_projects_managers.html
@@ -54,7 +54,7 @@ <h3 class="d-inline">{{ project.title }}</h3>
                 <h4 class="d-inline"><i class="fas fa-users" aria-hidden="true"></i> Additional Managers</a></h4> <span class="badge badge-secondary">{{ project.project_managers | length }}</span>
                 {% if association.is_project_manager and not association.is_project_pi %}
                   <div class="float-right">
-                    <p class="card-text text-success"><strong>{{ user_pronounish }} {{user_verbform_be}} a manager of this project.</strong></p>
+                    <p class="card-text text-success"><strong>{{ user_pronounish }} {{user_verbform_be}} a {{association.role.name}} of this project.</strong></p>
                   </div>
                 {% endif %}
               </div>
@@ -66,6 +66,7 @@ <h4 class="d-inline"><i class="fas fa-users" aria-hidden="true"></i> Additional
                         <tr>
                           <th scope="col">Username</th>
                           <th scope="col">Name</th>
+                          <th scope="col">Role</th>
                           <th scope="col">Email</th>
                           <th scope="col">Status</th>
                         </tr>
@@ -75,6 +76,7 @@ <h4 class="d-inline"><i class="fas fa-users" aria-hidden="true"></i> Additional
                           <tr>
                             <td>{{ user.user.username }}</td>
                             <td>{{ user.user.first_name }} {{ user.user.last_name }}</td>
+                            <td>{{ user.role }}</td>
                             <td>
                               {{ user.user.email }}
                               <a href="mailto:{{ user.user.email }} "><i class="far fa-envelope"></i></a>
diff --git a/coldfront/core/user/views.py b/coldfront/core/user/views.py
index e87c476f6..04884b0a9 100644
--- a/coldfront/core/user/views.py
+++ b/coldfront/core/user/views.py
@@ -133,7 +133,7 @@ def get_queryset(self, *args, **kwargs):
                 output_field=BooleanField(),
             ),
             is_project_manager=ExpressionWrapper(
-                Q(role__name='Manager'),
+                Q(role__name__contains='Manager'),
                 output_field=BooleanField(),
             ),
         ).order_by(
@@ -147,7 +147,7 @@ def get_queryset(self, *args, **kwargs):
             Prefetch(
                 lookup='project__projectuser_set',
                 queryset=ProjectUser.objects.filter(
-                    role__name='Manager',
+                    role__name__contains='Manager',
                     status__name__in=ongoing_projectuser_statuses,
                 ).exclude(
                     user__pk__in=[
diff --git a/coldfront/core/utils/management/commands/import_projects_fas.py b/coldfront/core/utils/management/commands/import_projects_fas.py
index c1eb11eb7..b32258a61 100644
--- a/coldfront/core/utils/management/commands/import_projects_fas.py
+++ b/coldfront/core/utils/management/commands/import_projects_fas.py
@@ -54,10 +54,10 @@ def handle(self, *args, **options):
             project_status_choices['New'] = ProjectStatusChoice.objects.get(name='New')
 
             project_user_role_choices = {}
-            project_user_role_choices['PI'] = ProjectUserRoleChoice.objects.get(name='Manager')
+            project_user_role_choices['PI'] = ProjectUserRoleChoice.objects.get(name='General Manager')
             project_user_role_choices['U'] = ProjectUserRoleChoice.objects.get(name='User')
-            project_user_role_choices['M'] = ProjectUserRoleChoice.objects.get(name='Manager')
-            project_user_role_choices['Manager'] = ProjectUserRoleChoice.objects.get(name='Manager')
+            project_user_role_choices['M'] = ProjectUserRoleChoice.objects.get(name='General Manager')
+            project_user_role_choices['Manager'] = ProjectUserRoleChoice.objects.get(name='General Manager')
 
             project_user_status_choices = {}
             project_user_status_choices['ACT'] = ProjectUserStatusChoice.objects.get(name='Active')
diff --git a/coldfront/core/utils/management/commands/load_test_data.py b/coldfront/core/utils/management/commands/load_test_data.py
index 485b23d67..b0a7afd97 100644
--- a/coldfront/core/utils/management/commands/load_test_data.py
+++ b/coldfront/core/utils/management/commands/load_test_data.py
@@ -239,7 +239,7 @@ def handle(self, *args, **options):
         ProjectUser.objects.get_or_create(
             user=pi1,
             project=project_obj,
-            role=ProjectUserRoleChoice.objects.get(name='Manager'),
+            role=ProjectUserRoleChoice.objects.get(name='General Manager'),
             status=ProjectUserStatusChoice.objects.get(name='Active')
         )
 
@@ -399,7 +399,7 @@ def handle(self, *args, **options):
         project_user_obj, _ = ProjectUser.objects.get_or_create(
             user=pi2,
             project=project_obj,
-            role=ProjectUserRoleChoice.objects.get(name='Manager'),
+            role=ProjectUserRoleChoice.objects.get(name='General Manager'),
             status=ProjectUserStatusChoice.objects.get(name='Active')
         )
 
diff --git a/coldfront/core/utils/mixins/views.py b/coldfront/core/utils/mixins/views.py
index f9c5f6df6..7988e7810 100644
--- a/coldfront/core/utils/mixins/views.py
+++ b/coldfront/core/utils/mixins/views.py
@@ -64,5 +64,7 @@ def test_func(self):
         if project_obj.pi == self.request.user:
             return True
 
-        if project_obj.projectuser_set.filter(user=self.request.user, role__name='Manager', status__name='Active').exists():
+        if project_obj.projectuser_set.filter(
+            user=self.request.user, role__name__contains='Manager', status__name='Active'
+        ).exists():
             return True
diff --git a/coldfront/core/utils/views.py b/coldfront/core/utils/views.py
index 520465208..a26ed8410 100644
--- a/coldfront/core/utils/views.py
+++ b/coldfront/core/utils/views.py
@@ -15,9 +15,9 @@ def produce_filter_parameter(key, value):
         return f'{key}={value.pk}&'
     return f'{key}={value}&'
 
-# Create your views here.
+
 class ColdfrontListView(LoginRequiredMixin, ListView):
-    """A ListView with definitions standard to complex ListView implementations in Coldfront
+    """A ListView with definitions standard to complex ListView implementations in ColdFront
     """
 
     def return_order(self):
@@ -47,18 +47,14 @@ def filter_parameters(self, SearchFormClass):
                 f'order_by={order_by}&direction={direction}&'
         else:
             filter_parameters_with_order_by = filter_parameters
-
         return search_form, filter_parameters, filter_parameters_with_order_by
 
-
     def get_context_data(self, SearchFormClass=None, **kwargs):
-
         context = super().get_context_data(**kwargs)
         count = self.get_queryset().count()
         context['count'] = count
 
         search_form, filter_parameters, filter_parameters_with_order_by = self.filter_parameters(SearchFormClass)
-
         if filter_parameters:
             context['expand_accordion'] = 'show'
 
@@ -68,6 +64,7 @@ def get_context_data(self, SearchFormClass=None, **kwargs):
 
         return context
 
+
 class NoteUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
     template_name = 'note_update.html'
     fields = ('is_private', 'note',)
@@ -81,6 +78,7 @@ def test_func(self):
         messages.error(self.request, 'You do not have permission to change this note.')
         return False
 
+
 class NoteCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateView):
     template_name = 'note_create.html'
     fields = '__all__'
diff --git a/coldfront/plugins/api/views.py b/coldfront/plugins/api/views.py
index 7a379d1fc..99ca6243c 100644
--- a/coldfront/plugins/api/views.py
+++ b/coldfront/plugins/api/views.py
@@ -40,7 +40,7 @@ def get_queryset(self):
                 Q(project__status__name__in=['New', 'Active']) &
                 (
                     (
-                        Q(project__projectuser__role__name='Manager')
+                        Q(project__projectuser__role__name__contains='Manager')
                         & Q(project__projectuser__user=self.request.user)
                     )
                     | Q(project__pi=self.request.user)
@@ -218,7 +218,7 @@ def get_queryset(self):
                 Q(allocation__project__status__name__in=['New', 'Active']) &
                 (
                     (
-                        Q(allocation__project__projectuser__role__name='Manager')
+                        Q(allocation__project__projectuser__role__name__contains='Manager')
                         & Q(allocation__project__projectuser__user=self.request.user)
                     )
                     | Q(allocation__project__pi=self.request.user)
@@ -268,7 +268,7 @@ def get_queryset(self):
                 Q(status__name__in=['New', 'Active']) &
                 (
                     (
-                        Q(projectuser__role__name='Manager')
+                        Q(projectuser__role__name__contains='Manager')
                         & Q(projectuser__user=self.request.user)
                     )
                     | Q(pi=self.request.user)
diff --git a/coldfront/plugins/ldap/utils.py b/coldfront/plugins/ldap/utils.py
index 299d77383..89e797a80 100644
--- a/coldfront/plugins/ldap/utils.py
+++ b/coldfront/plugins/ldap/utils.py
@@ -431,7 +431,7 @@ def collect_update_project_status_membership():
             [(pi.project.title, pi.user.username) for pi in pis_to_deactivate])
 
     ### identify PIs with incorrect roles and change their status ###
-    projectuser_role_manager = ProjectUserRoleChoice.objects.get(name='Manager')
+    projectuser_role_manager = ProjectUserRoleChoice.objects.get(name='General Manager')
 
     pis_mislabeled = ProjectUser.objects.filter(
         reduce(operator.or_,
@@ -652,7 +652,7 @@ def add_new_projects(groupusercollections, errortracker):
                         group.pi['sAMAccountName'][0], group.name)
             errortracker['pi_not_projectuser'].append(group.name)
             continue
-        manager.role = ProjectUserRoleChoice.objects.get(name='Manager')
+        manager.role = ProjectUserRoleChoice.objects.get(name='General Manager')
         manager.save()
         added_projects.append([group.name, group.project])
 
@@ -701,7 +701,7 @@ def update_new_project(sender, **kwargs):
     project.pi = get_user_model().objects.get(username=manager['sAMAccountName'][0])
     project.save()
     for member in members:
-        role_name = "User" if member['sAMAccountName'][0] != manager['sAMAccountName'][0] else "Manager"
+        role_name = "User" if member['sAMAccountName'][0] != manager['sAMAccountName'][0] else "General Manager"
         try:
             user_obj = get_user_model().objects.get(username=member['sAMAccountName'][0])
         except get_user_model().DoesNotExist:
diff --git a/coldfront/plugins/sftocf/utils.py b/coldfront/plugins/sftocf/utils.py
index 46a27ef42..e46f24cbf 100644
--- a/coldfront/plugins/sftocf/utils.py
+++ b/coldfront/plugins/sftocf/utils.py
@@ -221,18 +221,13 @@ def update_zone(self, zone_name, paths=[], managers=[], managing_groups=[]):
         zone_data = self.get_zone_by_name(zone_name)
         zone_id = zone_data['id']
         url = self.api_url + f'zone/{zone_id}/'
-        data = {'name': zone_name, 'id': zone_id}
+        data = {'name': zone_name}
         data['paths'] = paths if paths else zone_data['paths']
         data['managers'] = managers if managers else zone_data['managers']
         data['managing_groups'] = managing_groups if managing_groups else zone_data['managing_groups']
         for group in managing_groups:
             add_zone_group_to_ad(group['groupname'])
-        try:
-            response = return_put_json(url, data=data, headers=self.headers)
-        except requests.exceptions.HTTPError as exc:
-            logger.exception("Exception trying to update zone: %s", exc)
-            print(exc)
-            return None
+        response = return_put_json(url, data=data, headers=self.headers)
         return response
 
     def zone_from_project(self, project_obj):
@@ -606,7 +601,6 @@ def allocations(self):
             status__name__in=allocation_statuses,
             resources__in=self.connection_obj.get_corresponding_coldfront_resources()
         )
-        return self._allocations
 
     @property
     def allocationquerymatches(self):
@@ -618,11 +612,10 @@ def allocationquerymatches(self):
         allocation_list = [
             (a.get_parent_resource.name.split('/')[0], a.path) for a in allocations
         ]
-
         total_sort_key = itemgetter('path','volume')
         allocation_usage_grouped = return_dict_of_groupings(self.sf_usage_data, total_sort_key)
         missing_allocations = [
-            (vol, path) for path, vol in allocation_usage_grouped if (vol, path) not in allocation_list
+            (k,a) for k, a in allocation_usage_grouped if k not in allocation_list
         ]
         print("missing_allocations:", missing_allocations)
         logger.warning('starfish allocations missing in coldfront: %s', missing_allocations)