diff --git a/awx/main/access.py b/awx/main/access.py
index 4c7dba60fe..015c7d3dd8 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -28,29 +28,6 @@ __all__ = ['get_user_queryset', 'check_user_access', 'check_user_access_with_err
 'user_accessible_objects', 'consumer_access',
 'user_admin_role', 'StateConflict',]
 
-PERMISSION_TYPES = [
- PERM_INVENTORY_ADMIN,
- PERM_INVENTORY_READ,
- PERM_INVENTORY_WRITE,
- PERM_INVENTORY_DEPLOY,
- PERM_INVENTORY_CHECK,
-]
-
-PERMISSION_TYPES_ALLOWING_INVENTORY_READ = [
- PERM_INVENTORY_ADMIN,
- PERM_INVENTORY_WRITE,
- PERM_INVENTORY_READ,
-]
-
-PERMISSION_TYPES_ALLOWING_INVENTORY_WRITE = [
- PERM_INVENTORY_ADMIN,
- PERM_INVENTORY_WRITE,
-]
-
-PERMISSION_TYPES_ALLOWING_INVENTORY_ADMIN = [
- PERM_INVENTORY_ADMIN,
-]
-
 logger = logging.getLogger('awx.main.access')
 
 access_registry = {
diff --git a/awx/main/migrations/_old_access.py b/awx/main/migrations/_old_access.py
index 2996816abe..5069513586 100644
--- a/awx/main/migrations/_old_access.py
+++ b/awx/main/migrations/_old_access.py
@@ -27,6 +27,11 @@ from awx.conf.license import LicenseForbids
 
 __all__ = ['get_user_queryset', 'check_user_access']
 
+PERM_INVENTORY_ADMIN = 'admin'
+PERM_INVENTORY_READ = 'read'
+PERM_INVENTORY_WRITE = 'write'
+PERM_JOBTEMPLATE_CREATE = 'create'
+
 PERMISSION_TYPES = [
 PERM_INVENTORY_ADMIN,
 PERM_INVENTORY_READ,
@@ -57,10 +62,12 @@ access_registry = {
 # ...
 }
 
+
 def register_access(model_class, access_class):
 access_classes = access_registry.setdefault(model_class, [])
 access_classes.append(access_class)
 
+
 def get_user_queryset(user, model_class):
 '''
 Return a queryset for the given model_class containing only the instances
@@ -80,6 +87,7 @@ def get_user_queryset(user, model_class):
 queryset = queryset.filter(pk__in=qs.values_list('pk', flat=True))
 return queryset
 
+
 def check_user_access(user, model_class, action, *args, **kwargs):
 '''
 Return True if user can perform action against model_class with the
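Review bot: The four `PERM_*` assignments added at the top of _old_access.py are a verbatim copy of values this same commit deletes from awx/main/models/base.py, but nothing in the hunk says they are a deliberately frozen copy, so a later cleanup could "deduplicate" them back into an import that no longer exists. A comment above `PERM_INVENTORY_ADMIN = 'admin'` such as `# Legacy permission_type values, frozen here so historical migrations keep working; removed from awx.main.models.base` would document that intent. These strings are presumably the literal values persisted in the old Permission rows that the access classes further down compare against via `has_permission_types`, so any drift between this copy and what was written to the database would silently change who passes those checks inside a migration — worth confirming against the earliest migration that created that field. The `PERMISSION_TYPES` list in the context also references `PERM_INVENTORY_DEPLOY`/`PERM_INVENTORY_CHECK` (per the sibling list removed from access.py); the commit keeps those exported from base.py, but the import that supplies them to this module is outside the hunk and should be checked.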
@@ -243,6 +251,7 @@ class UserAccess(BaseAccess):
 return bool(self.user.is_superuser or
 obj.deprecated_organizations.filter(deprecated_admins__in=[self.user]).exists())
 
+
 class OrganizationAccess(BaseAccess):
 '''
 I can see organizations when:
@@ -270,6 +279,7 @@ class OrganizationAccess(BaseAccess):
 self.check_license(feature='multiple_organizations', check_expiration=False)
 return self.can_change(obj, None)
 
+
 class InventoryAccess(BaseAccess):
 '''
 I can see inventory when:
@@ -365,6 +375,7 @@ class InventoryAccess(BaseAccess):
 def can_run_ad_hoc_commands(self, obj):
 return self.has_permission_types(obj, PERMISSION_TYPES_ALLOWING_INVENTORY_READ, True)
 
+
 class HostAccess(BaseAccess):
 '''
 I can see hosts whenever I can see their inventory.
@@ -421,6 +432,7 @@ class HostAccess(BaseAccess):
 def can_delete(self, obj):
 return obj and check_user_access(self.user, Inventory, 'delete', obj.inventory)
 
+
 class GroupAccess(BaseAccess):
 '''
 I can see groups whenever I can see their inventory.
@@ -517,6 +529,7 @@ class InventorySourceAccess(BaseAccess):
 def can_start(self, obj):
 return self.can_change(obj, {}) and obj.can_update
 
+
 class InventoryUpdateAccess(BaseAccess):
 '''
 I can see inventory updates when I can see the inventory source.
@@ -536,6 +549,7 @@ class InventoryUpdateAccess(BaseAccess):
 def can_cancel(self, obj):
 return self.can_change(obj, {}) and obj.can_cancel
 
+
 class CredentialAccess(BaseAccess):
 '''
 I can see credentials when:
@@ -615,6 +629,7 @@ class CredentialAccess(BaseAccess):
 return True
 return self.can_change(obj, None)
 
+
 class TeamAccess(BaseAccess):
 '''
 I can see a team when:
@@ -662,6 +677,7 @@ class TeamAccess(BaseAccess):
 def can_delete(self, obj):
 return self.can_change(obj, None)
 
+
 class ProjectAccess(BaseAccess):
 '''
 I can see projects when:
@@ -728,6 +744,7 @@ class ProjectAccess(BaseAccess):
 def can_start(self, obj):
 return self.can_change(obj, {}) and obj.can_update
 
+
 class ProjectUpdateAccess(BaseAccess):
 '''
 I can see project updates when I can see the project.
@@ -749,6 +766,7 @@ class ProjectUpdateAccess(BaseAccess):
 def can_delete(self, obj):
 return obj and check_user_access(self.user, Project, 'delete', obj.project)
 
+
 class PermissionAccess(BaseAccess):
 '''
 I can see a permission when:
@@ -842,6 +860,7 @@ class PermissionAccess(BaseAccess):
 def can_delete(self, obj):
 return self.can_change(obj, None)
 
+
 class JobTemplateAccess(BaseAccess):
 '''
 I can see job templates when:
@@ -1068,6 +1087,7 @@ class JobTemplateAccess(BaseAccess):
 job_type=obj.job_type)
 return self.can_add(add_obj)
 
+
 class JobAccess(BaseAccess):
 
 model = Job
@@ -1168,6 +1188,7 @@ class JobAccess(BaseAccess):
 def can_cancel(self, obj):
 return self.can_read(obj) and obj.can_cancel
 
+
 class SystemJobTemplateAccess(BaseAccess):
 '''
 I can only see/manage System Job Templates if I'm a super user
@@ -1178,12 +1199,14 @@ class SystemJobTemplateAccess(BaseAccess):
 def can_start(self, obj):
 return self.can_read(obj)
 
+
 class SystemJobAccess(BaseAccess):
 '''
 I can only see manage System Jobs if I'm a super user
 '''
 model = SystemJob
 
+
 class AdHocCommandAccess(BaseAccess):
 '''
 I can only see/run ad hoc commands when:
@@ -1259,6 +1282,7 @@ class AdHocCommandAccess(BaseAccess):
 def can_cancel(self, obj):
 return self.can_read(obj) and obj.can_cancel
 
+
 class AdHocCommandEventAccess(BaseAccess):
 '''
 I can see ad hoc command event records whenever I can read both ad hoc
@@ -1288,6 +1312,7 @@ class AdHocCommandEventAccess(BaseAccess):
 def can_delete(self, obj):
 return False
 
+
 class JobHostSummaryAccess(BaseAccess):
 '''
 I can see job/host summary records whenever I can read both job and host.
@@ -1313,6 +1338,7 @@ class JobHostSummaryAccess(BaseAccess):
 def can_delete(self, obj):
 return False
 
+
 class JobEventAccess(BaseAccess):
 '''
 I can see job event records whenever I can read both job and host.
@@ -1347,6 +1373,7 @@ class JobEventAccess(BaseAccess):
 def can_delete(self, obj):
 return False
 
+
 class UnifiedJobTemplateAccess(BaseAccess):
 '''
 I can see a unified job template whenever I can see the same project,
@@ -1379,6 +1406,7 @@ class UnifiedJobTemplateAccess(BaseAccess):
 # FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential.
 return qs
 
+
 class UnifiedJobAccess(BaseAccess):
 '''
 I can see a unified job whenever I can see the same project update,
@@ -1417,6 +1445,7 @@ class UnifiedJobAccess(BaseAccess):
 # FIXME: Figure out how to do select/prefetch on related project/inventory/credential/cloud_credential.
 return qs
 
+
 class ScheduleAccess(BaseAccess):
 '''
 I can see a schedule if I can see it's related unified job, I can create them or update them if I have write access
@@ -1475,6 +1504,7 @@ class ScheduleAccess(BaseAccess):
 else:
 return False
 
+
 class ActivityStreamAccess(BaseAccess):
 '''
 I can see activity stream events only when I have permission on all objects included in the event
@@ -1592,6 +1622,7 @@ class ActivityStreamAccess(BaseAccess):
 def can_delete(self, obj):
 return False
 
+
 class CustomInventoryScriptAccess(BaseAccess):
 
 model = CustomInventoryScript
diff --git a/awx/main/models/base.py b/awx/main/models/base.py
index 51152aeaaf..d2f374b5a0 100644
--- a/awx/main/models/base.py
+++ b/awx/main/models/base.py
@@ -26,20 +26,15 @@ from awx.main.utils import encrypt_field
 
 __all__ = ['prevent_search', 'VarsDictProperty', 'BaseModel', 'CreatedModifiedModel',
 'PasswordFieldsModel', 'PrimordialModel', 'CommonModel',
 'CommonModelNameNotUnique', 'NotificationFieldsModel',
- 'PERM_INVENTORY_ADMIN', 'PERM_INVENTORY_READ',
- 'PERM_INVENTORY_WRITE', 'PERM_INVENTORY_DEPLOY', 'PERM_INVENTORY_SCAN',
- 'PERM_INVENTORY_CHECK', 'PERM_JOBTEMPLATE_CREATE', 'JOB_TYPE_CHOICES',
+ 'PERM_INVENTORY_DEPLOY', 'PERM_INVENTORY_SCAN',
+ 'PERM_INVENTORY_CHECK', 'JOB_TYPE_CHOICES',
 'AD_HOC_JOB_TYPE_CHOICES', 'PROJECT_UPDATE_JOB_TYPE_CHOICES',
- 'PERMISSION_TYPE_CHOICES', 'CLOUD_INVENTORY_SOURCES',
+ 'CLOUD_INVENTORY_SOURCES',
 'VERBOSITY_CHOICES']
 
-PERM_INVENTORY_ADMIN = 'admin'
-PERM_INVENTORY_READ = 'read'
-PERM_INVENTORY_WRITE = 'write'
 PERM_INVENTORY_DEPLOY = 'run'
 PERM_INVENTORY_CHECK = 'check'
 PERM_INVENTORY_SCAN = 'scan'
-PERM_JOBTEMPLATE_CREATE = 'create'
 
 JOB_TYPE_CHOICES = [
 (PERM_INVENTORY_DEPLOY, _('Run')),
@@ -57,16 +52,6 @@ PROJECT_UPDATE_JOB_TYPE_CHOICES = [
 (PERM_INVENTORY_CHECK, _('Check')),
 ]
 
-PERMISSION_TYPE_CHOICES = [
- (PERM_INVENTORY_READ, _('Read Inventory')),
- (PERM_INVENTORY_WRITE, _('Edit Inventory')),
- (PERM_INVENTORY_ADMIN, _('Administrate Inventory')),
- (PERM_INVENTORY_DEPLOY, _('Deploy To Inventory')),
- (PERM_INVENTORY_CHECK, _('Deploy To Inventory (Dry Run)')),
- (PERM_INVENTORY_SCAN, _('Scan an Inventory')),
- (PERM_JOBTEMPLATE_CREATE, _('Create a Job Template')),
-]
-
 CLOUD_INVENTORY_SOURCES = ['ec2', 'rax', 'vmware', 'gce', 'azure', 'azure_rm', 'openstack', 'custom', 'satellite6', 'cloudforms']
 
 VERBOSITY_CHOICES = [
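Review bot: Removing `'PERM_INVENTORY_ADMIN'`, `'PERM_INVENTORY_READ'`, `'PERM_INVENTORY_WRITE'` and `'PERM_JOBTEMPLATE_CREATE'` from `__all__` and deleting the constants means any other module that still imports them from awx.main.models.base (by name or via `import *`) now fails at import time rather than degrading gracefully; this commit re-homes them only in awx/main/migrations/_old_access.py, so a grep of awx/main/migrations and awx/main/models for the four names before merging would confirm no other historical migration or model depends on them — that cannot be seen from this diff. The surviving `PERM_INVENTORY_DEPLOY`/`PERM_INVENTORY_CHECK`/`PERM_INVENTORY_SCAN` now read as job-type values only while their former siblings live in the migrations package, and nothing in base.py records that split; a one-line comment above `PERM_INVENTORY_DEPLOY = 'run'`, e.g. `# Job-type values only; the legacy inventory permission_type strings now live in migrations/_old_access.py`, would save the next reader a search. The `PERMISSION_TYPE_CHOICES` deletion in the following hunk raises the same import-time concern for anything that still referenced it by name.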