diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py
index 63eaac4afd..9d5bd0fb91 100644
--- a/lib/main/models/__init__.py
+++ b/lib/main/models/__init__.py
@@ -557,9 +557,8 @@ class Credential(CommonModelNameNotUnique):
             user_obj = User.objects.get(pk=data['user'])
             return UserHelper.can_user_administrate(user, user_obj)
         if 'team' in data:
-            raise Exception("FIXME")
-            #team_obj = Team.objects.get(pk=data['team'])
-            #return team_obj.organization.users.filter(admins__in = [user]).count()
+            team_obj = Team.objects.get(pk=data['team'])
+            return Team.can_user_administrate(user, team_obj)
 
     def get_absolute_url(self):
         import lib.urls
diff --git a/lib/main/tests/projects.py b/lib/main/tests/projects.py
index 94af25e100..93094a2981 100644
--- a/lib/main/tests/projects.py
+++ b/lib/main/tests/projects.py
@@ -308,15 +308,15 @@ class ProjectsTest(BaseTest):
         self.post(team_creds, data=new_credentials, expect=401, auth=self.get_invalid_credentials())
         self.post(team_creds, data=new_credentials, expect=201, auth=self.get_super_credentials())
         self.post(team_creds, data=new_credentials, expect=201, auth=self.get_normal_credentials())
-        self.post(team_creds, data=new_credentials, expect=201, auth=self.get_other_credentials())
+        self.post(team_creds, data=new_credentials, expect=403, auth=self.get_other_credentials())
         self.post(team_creds, data=new_credentials, expect=403, auth=self.get_nobody_credentials())
 
         # can list credentials on a user
         self.get(other_creds, expect=401)
         self.get(other_creds, expect=401, auth=self.get_invalid_credentials())
-        self.get(other_creds, expect=201, auth=self.get_super_credentials())
-        self.get(other_creds, expect=201, auth=self.get_normal_credentials())
-        self.get(other_creds, expect=201, auth=self.get_other_credentials())
+        self.get(other_creds, expect=200, auth=self.get_super_credentials())
+        self.get(other_creds, expect=200, auth=self.get_normal_credentials())
+        self.get(other_creds, expect=200, auth=self.get_other_credentials())
         self.get(other_creds, expect=403, auth=self.get_nobody_credentials())
 
         # can list credentials on a team
diff --git a/lib/main/views.py b/lib/main/views.py
index 6f3d330caa..056d43a22e 100644
--- a/lib/main/views.py
+++ b/lib/main/views.py
@@ -229,7 +229,7 @@ class TeamsCredentialsList(BaseSubList):
         if not Team.can_user_read(self.request.user, team):
             raise PermissionDenied()
         project_credentials = Credential.objects.filter(
-            projects__teams__users__in = [ user ]
+            projects__team__users__in = [ user ]
         )
         return user.credentials.distinct() | project_credentials.distinct()
 
@@ -370,7 +370,7 @@ class UsersCredentialsList(BaseSubList):
         if not UserHelper.can_user_administrate(self.request.user, user):
             raise PermissionDenied()
         project_credentials = Credential.objects.filter(
-            projects__teams__users__in = [ user ]
+            team__users__in = [ user ]
         )
         return user.credentials.distinct() | project_credentials.distinct()