diff --git a/awx/api/views.py b/awx/api/views.py
index c236a0e1bf..dfc7685aa0 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -3631,7 +3631,6 @@ class RoleDetail(RetrieveAPIView):
 model = Role
 serializer_class = RoleSerializer
- permission_classes = (IsAuthenticated,)
 new_in_300 = True
diff --git a/awx/main/access.py b/awx/main/access.py
index f25258ca3e..d94ab8be30 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1671,14 +1671,8 @@ class RoleAccess(BaseAccess):
 if self.user.is_superuser or self.user.is_system_auditor:
 return True
- if obj.object_id:
- sister_roles = Role.objects.filter(
- content_type = obj.content_type,
- object_id = obj.object_id
- )
- else:
- sister_roles = obj
- return self.user.roles.filter(descendents__in=sister_roles).exists()
+ return Role.filter_visible_roles(
+ self.user, Role.objects.filter(pk=obj.id)).exists()
 def can_add(self, obj, data):
 # Unsupported for now
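Review bot: In awx/api/views.py, once `permission_classes = (IsAuthenticated,)` is removed, nothing in `RoleDetail` states which permission class guards the endpoint. It now depends on whatever `RetrieveAPIView` provides, and that is not visible in this hunk. If the inherited class is the one that routes object access through `RoleAccess`, the override was presumably bypassing that per-object check and removing it is a tightening, but that should be confirmed rather than assumed. A comment above `model = Role` such as `# no permission_classes override: object-level access is decided by RoleAccess` would record the intent. A test that an authenticated user with no visibility of a role is refused on the detail endpoint would pin it. The class body continues outside the hunk.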
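Review bot: In awx/main/access.py, the removed `else` branch handled a role with no `object_id` explicitly, and the new return leaves that case entirely to `Role.filter_visible_roles`, whose body is not part of this diff. Because this method decides who may read a role, it is worth confirming with a test that a role with no attached object is visible to exactly the intended users, and that a user holding only an unrelated role gets `False`. A comment above the return, e.g. `# visibility rules are defined in Role.filter_visible_roles`, would tell the next reader where the policy lives. The method's `def` line is outside the hunk, so its name and docstring cannot be checked here.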