diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py
index 9ae6b47298..2c32d5cdbb 100644
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -164,6 +164,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
         role_description='Owner of the credential',
         parent_role=[
             'team.admin_role',
+            'user.admin_role',
             'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
         ],
         permissions = {'all': True}
@@ -180,7 +181,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
         role_name='Credential User',
         role_description='May use this credential, but not read sensitive portions or modify it',
         parent_role= 'team.member_role',
-        permissions = {'use': True}
+        permissions = {'read': True, 'use': True}
     )
 
     @property