diff --git a/awx/main/fields.py b/awx/main/fields.py
index 79cb189fc8..7785cf1f72 100644
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -204,11 +204,15 @@ class ImplicitRoleField(models.ForeignKey):
                 else:
                     sender = field.related.through
 
-                m2m_changed.connect(self.m2m_update(field_attr), sender, weak=False)
+                reverse = type(field) is ManyRelatedObjectsDescriptor
+                m2m_changed.connect(self.m2m_update(field_attr, reverse), sender, weak=False)
 
-    def m2m_update(self, field_attr):
+    def m2m_update(self, field_attr, _reverse):
         def _m2m_update(instance, action, model, pk_set, reverse, **kwargs):
             if action == 'post_add' or action == 'pre_remove':
+                if _reverse:
+                    reverse = not reverse
+
                 if reverse:
                     for pk in pk_set:
                         obj = model.objects.get(pk=pk)
diff --git a/awx/main/tests/functional/test_rbac_api.py b/awx/main/tests/functional/test_rbac_api.py
index 10f6985704..dc24bd8c6c 100644
--- a/awx/main/tests/functional/test_rbac_api.py
+++ b/awx/main/tests/functional/test_rbac_api.py
@@ -69,7 +69,7 @@ def test_cant_delete_role(delete, admin):
     # Some day we might want to do this, but until that is speced out, lets
     # ensure we don't slip up and allow this implicitly through some helper or
     # another
-    response = delete(reverse('api:role_detail', args=(admin.resource.admin_role.id,)), admin)
+    response = delete(reverse('api:role_detail', args=(admin.admin_role.id,)), admin)
     assert response.status_code == 405