diff --git a/src/routes/phaseMembers/delete.spec.js b/src/routes/phaseMembers/delete.spec.js
index 72401df8..d6988d65 100644
--- a/src/routes/phaseMembers/delete.spec.js
+++ b/src/routes/phaseMembers/delete.spec.js
@@ -148,13 +148,26 @@ describe('Delete phase member', () => {
         .expect(204, done);
     });
 
-    it('should return 403 for copilot', (done) => {
+    it('should return 204 for copilot which is member of project', (done) => {
       request(server)
         .delete(`/v5/projects/${id}/phases/${phaseId}/members/${copilotUser.userId}`)
         .set({
           Authorization: `Bearer ${testUtil.jwts.copilot}`,
         })
-        .expect(403, done);
+        .expect(204, done);
+    });
+
+    it('should return 403 for copilot which is not member of project', (done) => {
+      models.ProjectMember.destroy({
+        where: { userId: testUtil.userIds.copilot, id },
+      }).then(() => {
+        request(server)
+          .delete(`/v5/projects/${id}/phases/${phaseId}/members/${copilotUser.userId}`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.copilot}`,
+          })
+          .expect(403, done);
+      });
     });
   });
 });
diff --git a/src/routes/phaseMembers/update.spec.js b/src/routes/phaseMembers/update.spec.js
index a8f21c6f..91251277 100644
--- a/src/routes/phaseMembers/update.spec.js
+++ b/src/routes/phaseMembers/update.spec.js
@@ -167,14 +167,28 @@ describe('Update phase members', () => {
         });
     });
 
-    it('should return 403 for copilot', (done) => {
+    it('should return 200 for copilot which is member of project', (done) => {
       request(server)
         .post(`/v5/projects/${id}/phases/${phaseId}/members`)
         .set({
           Authorization: `Bearer ${testUtil.jwts.copilot}`,
         })
         .send({ userIds: [copilotUser.userId, memberUser.userId] })
-        .expect(403, done);
+        .expect(200, done);
+    });
+
+    it('should return 403 for copilot which is not member of project', (done) => {
+      models.ProjectMember.destroy({
+        where: { userId: testUtil.userIds.copilot, id },
+      }).then(() => {
+        request(server)
+          .post(`/v5/projects/${id}/phases/${phaseId}/members`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.copilot}`,
+          })
+          .send({ userIds: [copilotUser.userId, memberUser.userId] })
+          .expect(403, done);
+      });
     });
   });
 });