diff --git a/lms/djangoapps/course_api/api.py b/lms/djangoapps/course_api/api.py
index 20c20a3802..86aa3c9d39 100644
--- a/lms/djangoapps/course_api/api.py
+++ b/lms/djangoapps/course_api/api.py
@@ -184,15 +184,16 @@ def list_course_keys(request, username, role):
         # TNL-7448, DESUPPORT-416, and probably more.
         #
         # This is a simplified implementation that does not consider org-level access grants (e.g. when course_id is
-        # blank).
+        # empty).
         filtered_course_keys = (
             CourseAccessRole.objects.filter(
                 user=user,
                 # Having the instructor role implies staff access.
                 role__in=['staff', 'instructor'],
-                # We need to check against CourseOverview so that we don't return any Libraries.
-                course_id__in=CourseOverview.objects.all(),
             )
+            # We need to check against CourseOverview so that we don't return any Libraries.
+            .extra(tables=['course_overviews_courseoverview'], where=['course_id = course_overviews_courseoverview.id'])
+            # For good measure, make sure we don't return empty course IDs.
             .exclude(course_id=CourseKeyField.Empty)
             .order_by('course_id')
             .values_list('course_id', flat=True)