diff --git a/awx/api/views.py b/awx/api/views.py
index 1ae1d03ea7..826941ec5f 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -2889,11 +2889,13 @@ class WorkflowJobTemplateCopy(WorkflowsEnforcementMixin, GenericAPIView):
 def post(self, request, *args, **kwargs):
 obj = self.get_object()
 if not request.user.can_access(self.model, 'copy', obj):
- return PermissionDenied()
- new_wfjt = obj.user_copy(request.user)
+ raise PermissionDenied()
+ new_obj = obj.user_copy(request.user)
+ if request.user not in new_obj.admin_role:
+ new_obj.admin_role.members.add(request.user)
 data = OrderedDict()
 data.update(WorkflowJobTemplateSerializer(
- new_wfjt, context=self.get_serializer_context()).to_representation(new_wfjt))
+ new_obj, context=self.get_serializer_context()).to_representation(new_obj))
 return Response(data, status=status.HTTP_201_CREATED)
diff --git a/awx/main/access.py b/awx/main/access.py
index e20d5fed12..422ed6be7c 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1550,7 +1550,7 @@ class WorkflowJobTemplateAccess(BaseAccess):
 wfjt_errors[node.id] = node_errors
 self.messages.update(wfjt_errors)
- return self.check_related('organization', Organization, {}, obj=obj, mandatory=True)
+ return self.check_related('organization', Organization, {'reference_obj': obj}, mandatory=True)
 def can_start(self, obj, validate_license=True):
 if validate_license:
diff --git a/awx/main/tests/functional/test_rbac_workflow.py b/awx/main/tests/functional/test_rbac_workflow.py
index 3b8e8f4862..2f52f83940 100644
--- a/awx/main/tests/functional/test_rbac_workflow.py
+++ b/awx/main/tests/functional/test_rbac_workflow.py
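Review bot: In `WorkflowJobTemplateCopy.post` (awx/api/views.py), the added `new_obj.admin_role.members.add(request.user)` makes the caller an admin of the copy, and the only thing bounding who receives that grant is the `can_access(self.model, 'copy', obj)` check a few lines above; nothing in the code records that dependency. I would add a comment above the grant such as `# Caller already passed the 'copy' access check; make them an explicit admin of the copy when no inherited role covers it.` so that any later relaxation of the copy rule is reviewed together with this grant. The copy and the grant are also two separate writes: unless the request already runs inside a transaction (not visible in this hunk), a failure in the grant leaves a copied template without its intended owner, so consider wrapping both in `with transaction.atomic():`. The class body starts outside the hunk.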
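Review bot: In `WorkflowJobTemplateAccess` (awx/main/access.py), the changed `return self.check_related(...)` line is the authorization decision for copying, and moving the template from `obj=obj` to `{'reference_obj': obj}` changes which path `check_related` takes without any comment on why. `check_related` is not shown here, so I cannot confirm how each form treats a template whose `organization` is unset; since `mandatory=True` is kept, that case deserves an explicit test. A comment on the return would help, for example `# Copy is authorized like a create: the user must hold the required role on obj's organization.`, adjusted to what `check_related` actually does. The enclosing method begins above the hunk.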
@@ -86,6 +86,19 @@ class TestWorkflowJobAccess:
 access = WorkflowJobAccess(rando)
 assert access.can_cancel(workflow_job)
+ def test_copy_permissions_org_admin(self, wfjt, org_admin, org_member):
+ admin_access = WorkflowJobTemplateAccess(org_admin)
+ assert admin_access.can_copy(wfjt)
+
+ def test_copy_permissions_user(self, wfjt, org_admin, org_member):
+ '''
+ Only org admins are able to add WFJTs, only org admins
+ are able to copy them
+ '''
+ wfjt.admin_role.members.add(org_member)
+ member_access = WorkflowJobTemplateAccess(org_member)
+ assert not member_access.can_copy(wfjt)
+
 def test_workflow_copy_warnings_inv(self, wfjt, rando, inventory):
 '''
 The user `rando` does not have access to the prompted inventory in a
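Review bot: Both new tests in `TestWorkflowJobAccess` call `WorkflowJobTemplateAccess.can_copy` directly, so the two behaviours this commit changes in awx/api/views.py stay untested: a denied POST to the copy view now raising `PermissionDenied`, and the requester ending up in the copy's `admin_role`. A view-level test that posts as a user who is only a template admin and asserts the denied status, plus one that posts as an org admin and asserts membership in the new object's `admin_role`, would pin both. As a smaller point, `test_copy_permissions_org_admin` requests `org_member` and `test_copy_permissions_user` requests `org_admin` without using them; if they are needed only for fixture side effects, a short comment should say so, otherwise drop them. The trailing context of the hunk cuts into the next test's docstring, but the two added tests are complete.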