diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
index 402d9298852..01e65ddc282 100644
--- a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
+++ b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -501,7 +501,11 @@ def _security_group_rule_create(self, sg_id, sg_rule):
             rules.add_policy_rule(sg_rule)
 
         sg_vnc.set_security_group_entries(rules)
-        self._vnc_lib.security_group_update(sg_vnc)
+        try:
+            self._vnc_lib.security_group_update(sg_vnc)
+        except PermissionDenied as e:
+            exc_info = {'type': 'BadRequest', 'message': str(e)}
+            bottle.abort(400, json.dumps(exc_info))
         return
     #end _security_group_rule_create