diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index faecaaa576..b7aafe86bc 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1723,11 +1723,11 @@ class CredentialSerializer(BaseSerializer):
             owner_teams = reverse('api:credential_owner_teams_list', args=(obj.pk,)),
         ))
 
-        parents = obj.admin_role.parents.exclude(object_id__isnull=True)
-        if parents.count() > 0:
+        parents = [role for role in obj.admin_role.parents.all() if role.object_id is not None]
+        if parents:
             res.update({parents[0].content_type.name:parents[0].content_object.get_absolute_url()})
-        elif obj.admin_role.members.count() > 0:
-            user = obj.admin_role.members.first()
+        elif len(obj.admin_role.members.all()) > 0:
+            user = obj.admin_role.members.all()[0]
             res.update({'user': reverse('api:user_detail', args=(user.pk,))})
 
         return res
@@ -1745,7 +1745,7 @@ class CredentialSerializer(BaseSerializer):
                 'url': reverse('api:user_detail', args=(user.pk,)),
             })
 
-        for parent in obj.admin_role.parents.exclude(object_id__isnull=True).all():
+        for parent in [role for role in obj.admin_role.parents.all() if role.object_id is not None]:
             summary_dict['owners'].append({
                 'id': parent.content_object.pk,
                 'type': camelcase_to_underscore(parent.content_object.__class__.__name__),
diff --git a/awx/api/views.py b/awx/api/views.py
index 2182358999..7dbc6a9a0c 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1434,6 +1434,7 @@ class CredentialList(ListCreateAPIView):
 
     model = Credential
     serializer_class = CredentialSerializerCreate
+    capabilities_prefetch = ['admin', 'use']
 
 
 class CredentialOwnerUsersList(SubListAPIView):
diff --git a/awx/main/access.py b/awx/main/access.py
index 7bef51a20f..736185be36 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -817,7 +817,11 @@ class CredentialAccess(BaseAccess):
         permitted to see.
         """
         qs = self.model.accessible_objects(self.user, 'read_role')
-        return qs.select_related('created_by', 'modified_by').all()
+        qs = qs.select_related('created_by', 'modified_by')
+        qs = qs.prefetch_related(
+            'admin_role', 'use_role', 'read_role',
+            'admin_role__parents', 'admin_role__members')
+        return qs
 
     @check_superuser
     def can_read(self, obj):