diff --git a/awx/main/access.py b/awx/main/access.py
index f894eba6f6..bb8912bd88 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -6,6 +6,7 @@ import sys
 import logging
 # Django
+from django.conf import settings
 from django.db.models import F, Q
 from django.contrib.auth.models import User
@@ -172,7 +173,7 @@ class UserAccess(BaseAccess):
 qs = self.model.objects.filter(is_active=True).distinct()
 if self.user.is_superuser:
 return qs
- if self.user.admin_of_organizations.filter(active=True).exists():
+ if settings.ORG_ADMINS_CAN_SEE_ALL_USERS and self.user.admin_of_organizations.filter(active=True).exists():
 return qs
 return qs.filter(
 Q(pk=self.user.pk) |
diff --git a/awx/main/tests/users.py b/awx/main/tests/users.py
index 50226925f3..c53dcaa632 100644
--- a/awx/main/tests/users.py
+++ b/awx/main/tests/users.py
@@ -244,6 +244,11 @@ class UsersTest(BaseTest):
 # Normal user is an org admin, can see all users.
 data2 = self.get(url, expect=200, auth=self.get_normal_credentials())
 self.assertEquals(data2['count'], 4)
+ # Unless the setting ORG_ADMINS_CAN_SEE_ALL_USERS is False, in which case
+ # he can only see users in his org
+ settings.ORG_ADMINS_CAN_SEE_ALL_USERS = False
+ data2 = self.get(url, expect=200, auth=self.get_normal_credentials())
+ self.assertEquals(data2['count'], 2)
 # Other use can only see users in his org.
 data1 = self.get(url, expect=200, auth=self.get_other_credentials())
 self.assertEquals(data1['count'], 2)
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 88e067b62f..ea34f44161 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -500,6 +500,8 @@ TASK_COMMAND_PORT = "tcp://127.0.0.1:6559"
 SOCKETIO_NOTIFICATION_PORT = "tcp://127.0.0.1:6557"
 SOCKETIO_LISTEN_PORT = 8080
+ORG_ADMINS_CAN_SEE_ALL_USERS = True
+
 # Logging configuration.
 LOGGING = {
 'version': 1,
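Review bot: The new `settings.ORG_ADMINS_CAN_SEE_ALL_USERS` check in UserAccess gates only this queryset branch; the method and the rest of the class lie outside the hunk, so it is not visible whether the per-object permission checks apply the same restriction. If those checks still treat any organization admin as privileged, turning the flag off would hide other organizations' users from listings while leaving them reachable by id, so they should be confirmed against the flag. A short comment above the condition would also help the next reader, for example `# Org admins see all active users only when ORG_ADMINS_CAN_SEE_ALL_USERS is set; otherwise the org-scoped filter below applies.`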
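Review bot: The assignment `settings.ORG_ADMINS_CAN_SEE_ALL_USERS = False` in UsersTest is never undone, so the remaining assertions in this test, and possibly later tests in the same process, run with the restrictive value instead of the default. That makes the access-control tests order-dependent and can mask a regression in the default path. Scope the override instead, e.g. wrap the two following lines in `with self.settings(ORG_ADMINS_CAN_SEE_ALL_USERS=False):`, assuming BaseTest derives from Django's TestCase (not visible here). The test method starts and ends outside the hunk, and the import of `settings` in this file is not shown.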
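Review bot: `ORG_ADMINS_CAN_SEE_ALL_USERS = True` is added to defaults.py without a comment, and the default keeps organization admins able to list users of every organization. Operators hosting several organizations on one install get no hint that the switch exists or which value restricts visibility. I would add `# When True, organization admins can list all active users; set to False to limit them to users in their own organizations.` above the setting.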