diff --git a/CHANGELOG.md b/CHANGELOG.md
index da785de5d3..d1ac3a1f9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - [#6285](https://github.com/apache/trafficcontrol/issues/6285) - The Traffic Ops Postinstall script will work in CentOS 7, even if Python 3 is installed
 - [#5373](https://github.com/apache/trafficcontrol/issues/5373) - Traffic Monitor logs not consistent
 - Traffic Ops: Sanitize username before executing LDAP query
+- [#6367](https://github.com/apache/trafficcontrol/issues/6367) - Fix PUT `user/current` to work with v4 User Roles and Permissions
 
 ### Changed
 - Updated `t3c` to request less unnecessary deliveryservice-server assignment and invalidation jobs data via new query params supported by Traffic Ops
diff --git a/lib/go-tc/users.go b/lib/go-tc/users.go
index 1852c3b76d..2b2b9537f9 100644
--- a/lib/go-tc/users.go
+++ b/lib/go-tc/users.go
@@ -317,7 +317,7 @@ type UserResponseV4 struct {
 // "undefined" values.
 type CurrentUserUpdateRequest struct {
 	// User, for whatever reason, contains all of the actual data.
-	User CurrentUserUpdateRequestUser `json:"user"`
+	User *CurrentUserUpdateRequestUser `json:"user"`
 }
 
 // CurrentUserUpdateRequestUser holds all of the actual data in a request to update the current user.
diff --git a/traffic_ops/traffic_ops_golang/user/current.go b/traffic_ops/traffic_ops_golang/user/current.go
index ea6e1eac31..d2f2365bc8 100644
--- a/traffic_ops/traffic_ops_golang/user/current.go
+++ b/traffic_ops/traffic_ops_golang/user/current.go
@@ -167,7 +167,6 @@ WHERE u.id=$1
 
 func ReplaceCurrent(w http.ResponseWriter, r *http.Request) {
 	var useV4User bool
-	var userV4 tc.UserV4
 	inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
 	tx := inf.Tx.Tx
 	if userErr != nil || sysErr != nil {
@@ -183,13 +182,18 @@ func ReplaceCurrent(w http.ResponseWriter, r *http.Request) {
 		api.HandleErr(w, r, tx, errCode, userErr, nil)
 		return
 	}
+
+	if userRequest.User == nil {
+		errCode = http.StatusBadRequest
+		userErr = fmt.Errorf("missing required 'user' object")
+		api.HandleErr(w, r, tx, errCode, userErr, nil)
+		return
+	}
+
 	if inf.Version.Major >= 4 {
 		useV4User = true
 	}
 	user, exists, err := dbhelpers.GetUserByID(inf.User.ID, tx)
-	if useV4User {
-		userV4 = user.Upgrade()
-	}
 	if err != nil {
 		sysErr = fmt.Errorf("getting user by ID %d: %v", inf.User.ID, err)
 		errCode = http.StatusInternalServerError
@@ -317,7 +321,7 @@ func ReplaceCurrent(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if useV4User {
-		api.WriteRespAlertObj(w, r, tc.SuccessLevel, "User profile was successfully updated", userV4)
+		api.WriteRespAlertObj(w, r, tc.SuccessLevel, "User profile was successfully updated", user.Upgrade())
 	} else {
 		api.WriteRespAlertObj(w, r, tc.SuccessLevel, "User profile was successfully updated", user)
 	}