diff --git a/awx/api/views.py b/awx/api/views.py
index 1c74e52b36..4496122bf4 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1319,7 +1319,7 @@ class UserDetail(RetrieveUpdateDestroyAPIView):
         can_admin = request.user.can_access(User, 'admin', obj, request.data)
 
         su_only_edit_fields = ('is_superuser', 'is_system_auditor')
-        admin_only_edit_fields = ('last_name', 'first_name', 'username', 'is_active')
+        admin_only_edit_fields = ('username', 'is_active')
 
         fields_to_check = ()
         if not request.user.is_superuser:
diff --git a/awx/main/tests/old/users.py b/awx/main/tests/old/users.py
index 6fc7726512..df2d5e19bc 100644
--- a/awx/main/tests/old/users.py
+++ b/awx/main/tests/old/users.py
@@ -329,9 +329,9 @@ class UsersTest(BaseTest):
         detail_url = reverse('api:user_detail', args=(self.other_django_user.pk,))
         data = self.get(detail_url, expect=200, auth=self.get_other_credentials())
 
-        # can't change first_name, last_name, etc
+        # can change first_name, last_name, etc
         data['last_name'] = "NewLastName"
-        self.put(detail_url, data, expect=403, auth=self.get_other_credentials())
+        self.put(detail_url, data, expect=200, auth=self.get_other_credentials())
 
         # can't change username
         data['username'] = 'newUsername'