diff --git a/awx/main/access.py b/awx/main/access.py
index 27f7c80cda..b3f2bc17e6 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -1562,7 +1562,7 @@ class CustomInventoryScriptAccess(BaseAccess):
 return self.user in org.admin_role
 @check_superuser
- def can_admin(self, obj):
+ def can_admin(self, obj, data=None):
 return self.user in obj.admin_role
 @check_superuser
diff --git a/awx/main/migrations/_old_access.py b/awx/main/migrations/_old_access.py
index ce952461ac..da49723a9e 100644
--- a/awx/main/migrations/_old_access.py
+++ b/awx/main/migrations/_old_access.py
@@ -656,7 +656,7 @@ class TeamAccess(BaseAccess):
 raise PermissionDenied('Unable to change organization on a team')
 if self.user.is_superuser:
 return True
- if self.user in obj.organization.deprecated_admins.all():
+ if obj.organization and self.user in obj.organization.deprecated_admins.all():
 return True
 return False
diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py
index ee4100431e..4a1115c4b3 100644
--- a/awx/main/migrations/_rbac.py
+++ b/awx/main/migrations/_rbac.py
@@ -198,7 +198,8 @@ def migrate_credential(apps, schema_editor):
 logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host)))
 if cred.deprecated_team is not None:
- cred.deprecated_team.member_role.children.add(cred.admin_role)
+ cred.deprecated_team.admin_role.children.add(cred.admin_role)
+ cred.deprecated_team.member_role.children.add(cred.use_role)
 cred.save()
 logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host)))
 elif cred.deprecated_user is not None:
diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py
index 95a6610a23..3b154d6f42 100644
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
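Review bot: The new `data` parameter on `can_admin` in `CustomInventoryScriptAccess` is accepted but never read, so the decision still rests only on `self.user in obj.admin_role`. If callers pass the update payload here (the signature change suggests so, though the call site is outside the hunk), a request that moves the script to another organization would be authorized without checking the user against the target organization. Either check the target when `data` names an organization, or state the contract with a comment such as `# data is accepted for interface compatibility and deliberately ignored`. The enclosing class starts outside the hunk.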
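Review bot: With the added `obj.organization and` guard in `TeamAccess`, a team that has no organization falls through to `return False`, so only superusers can administer it; that fail-closed result looks intended but nothing in the hunk says so. A one-line comment above the check, such as `# Teams without an organization are superuser-only`, would keep a later edit from turning the guard into an allow. Other methods of `TeamAccess` that dereference `obj.organization` are outside the hunk and may need the same guard.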
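Review bot: The log line after `cred.save()` in the `deprecated_team` branch still says `at user level`, so the migration log cannot tell team grants from user grants; it should read `at team level`. Since this branch now attaches two different roles (team admins to `cred.admin_role`, team members to `cred.use_role`), naming the roles in that message would make the migration result auditable. Separately, a database that already ran the previous mapping would presumably keep `member_role` as a parent of `cred.admin_role`, and nothing in this hunk removes that link, so confirm whether the old mapping ever shipped and whether a cleanup step is needed. `migrate_credential` starts and ends outside the hunk.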
@@ -28,8 +28,10 @@ def test_two_teams_same_cred_name(organization_factory):
 rbac.migrate_credential(apps, None)
- assert objects.teams.team1.member_role in cred1.admin_role.parents.all()
- assert objects.teams.team2.member_role in cred2.admin_role.parents.all()
+ assert objects.teams.team1.admin_role in cred1.admin_role.parents.all()
+ assert objects.teams.team2.admin_role in cred2.admin_role.parents.all()
+ assert objects.teams.team1.member_role in cred1.use_role.parents.all()
+ assert objects.teams.team2.member_role in cred2.use_role.parents.all()
 @pytest.mark.django_db
 def test_credential_use_role(credential, user, permissions):
@@ -53,7 +55,7 @@ def test_credential_migration_team_member(credential, team, user, permissions):
 rbac.migrate_credential(apps, None)
 # Admin permissions post migration
- assert u in credential.admin_role
+ assert u in credential.use_role
 @pytest.mark.django_db
 def test_credential_migration_team_admin(credential, team, user, permissions):
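Review bot: Neither updated test asserts the absence of the over-grant this change removes: `test_two_teams_same_cred_name` checks only that the new parents exist, and `test_credential_migration_team_member` (the later hunk at -53) checks only `u in credential.use_role`. Add negative assertions such as `assert objects.teams.team1.member_role not in cred1.admin_role.parents.all()` and, assuming `u` holds nothing beyond team membership, `assert u not in credential.admin_role`. In the second test the comment `# Admin permissions post migration` no longer matches the assertion and should read `# Use permissions post migration`. Both test bodies start outside their hunks.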