diff --git a/awx/main/access.py b/awx/main/access.py
index 7f0f1501b5..5c88900297 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -156,7 +156,8 @@ class UserAccess(BaseAccess):
 I can see user records when:
 - I'm a superuser.
 - I'm that user.
- - I'm their org admin.
+ - I'm an org admin (org admins should be able to see all users, in order
+ to add those users to the org).
 - I'm in an org with that user.
 - I'm on a team with that user.
 I can change some fields for a user (mainly password) when I am that user.
@@ -171,6 +172,8 @@ class UserAccess(BaseAccess):
 qs = self.model.objects.filter(is_active=True).distinct()
 if self.user.is_superuser:
 return qs
+ if self.user.admin_of_organizations.count():
+ return qs
 return qs.filter(
 Q(pk=self.user.pk) |
 Q(organizations__in=self.user.admin_of_organizations.all()) |
diff --git a/awx/main/tests/users.py b/awx/main/tests/users.py
index 18f32673bd..3523c6b12d 100644
--- a/awx/main/tests/users.py
+++ b/awx/main/tests/users.py
@@ -226,8 +226,9 @@ class UsersTest(BaseTest):
 url = reverse('api:user_list')
 data3 = self.get(url, expect=200, auth=self.get_super_credentials())
 self.assertEquals(data3['count'], 4)
+ # Normal user is an org admin, can see all users.
 data2 = self.get(url, expect=200, auth=self.get_normal_credentials())
- self.assertEquals(data2['count'], 2)
+ self.assertEquals(data2['count'], 4)
 data1 = self.get(url, expect=200, auth=self.get_other_credentials())
 self.assertEquals(data1['count'], 2)
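Review bot: The added `if self.user.admin_of_organizations.count(): return qs` branch in the second hunk of awx/main/access.py returns the full active-user queryset to an admin of any single organization, so on a shared install that admin can list the members of every other organization. The docstring justifies this by the add-to-org workflow, but this queryset presumably backs all user reads and not only that picker. The branch should carry a comment stating the trade-off, for example `# Org admins see all active users, including members of other orgs; needed to add users to an org.` Separately, `.count()` is used only for truthiness, so `if self.user.admin_of_organizations.exists():` expresses the intent and avoids the COUNT query. The enclosing method starts and ends outside the hunk.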
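Review bot: The updated assertion in awx/main/tests/users.py only pins the wider list count for the org admin (`data2['count']` is now 4); nothing in this hunk checks that the extra visibility stays read-only. A companion check would help: the normal (org-admin) credentials should be refused when modifying a user outside their organization. That would keep this access change from silently widening write access, though such a test may already exist elsewhere in the file. The test method starts and ends outside the hunk.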