diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py
index 783fdd9e82..2b134c18f5 100644
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
@@ -1,5 +1,7 @@
 import pytest
 
+import mock
+
 from awx.main.access import CredentialAccess
 from awx.main.models.credential import Credential
 from django.contrib.auth.models import User
@@ -22,6 +24,21 @@ def test_credential_access_superuser():
     assert access.can_delete(credential)
 
 
+@pytest.mark.django_db
+def test_credential_access_self(rando):
+    access = CredentialAccess(rando)
+    assert access.can_add({'user': rando.pk})
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize('ext_auth', [True, False])
+def test_credential_access_org_user(org_member, org_admin, ext_auth):
+    access = CredentialAccess(org_admin)
+    with mock.patch('awx.main.access.settings') as settings_mock:
+        settings_mock.MANAGE_ORGANIZATION_AUTH = ext_auth
+        assert access.can_add({'user': org_member.pk})
+
+
 @pytest.mark.django_db
 def test_credential_access_auditor(credential, organization_factory):
     objects = organization_factory("org_cred_auditor",