diff --git a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js
index 6e41696faa..1af53c230b 100644
--- a/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js
+++ b/awx/ui/client/src/access/add-rbac-resource/rbac-resource.controller.js
@@ -18,7 +18,9 @@ export default ['$rootScope', '$scope', 'GetBasePath', 'Rest', '$q', 'Wait', 'Pr
     // the object permissions are being added to
     scope.object = scope.resourceData.data;
     // array for all possible roles for the object
-    scope.roles = scope.object.summary_fields.object_roles;
+    scope.roles = _.omit(scope.object.summary_fields.object_roles, (key) => {
+        return key.name === 'Read';
+    });
 
     // TODO: get working with api
     // array w roles and descriptions for key
diff --git a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-role.directive.js b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-role.directive.js
index f5276dbc12..11f40109e7 100644
--- a/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-role.directive.js
+++ b/awx/ui/client/src/access/rbac-multiselect/rbac-multiselect-role.directive.js
@@ -16,7 +16,6 @@ export default
                     roles: '=',
                     model: '='
                 },
-                // @issue why is the read-only role ommited from this selection?
                 template: '<select ng-cloak class="AddPermissions-selectHide roleSelect2 form-control" ng-model="model" ng-options="role.name for role in roles track by role.id" multiple required></select>',
                 link: function(scope, element, attrs, ctrl) {
                     CreateSelect2({