diff --git a/src/config/api-server/vnc_cfg_types.py b/src/config/api-server/vnc_cfg_types.py
index deb3354e48d..a5268521607 100644
--- a/src/config/api-server/vnc_cfg_types.py
+++ b/src/config/api-server/vnc_cfg_types.py
@@ -839,12 +839,23 @@ def http_put(cls, id, fq_name, obj_dict, db_conn):
 if not ok:
 return (False, (500, 'Bad Project error : ' + pformat(proj_dict)))
- obj_type = 'security-group-rule'
 if 'security_group_entries' in obj_dict:
- quota_count = len(obj_dict['security_group_entries']['policy_rule'])
- (ok, quota_limit) = QuotaHelper.check_quota_limit(proj_dict, obj_type, quota_count)
- if not ok:
- return (False, (403, pformat(fq_name) + ' : ' + quota_limit))
+ rule_count = len(obj_dict['security_group_entries']['policy_rule'])
+ obj_type = 'security-group-rule'
+ for sg in proj_dict.get('security_groups', []):
+ if sg['uuid'] == sec_dict['uuid']:
+ continue
+ ok, sg_dict = db_conn.dbe_read('security-group', sg)
+ if not ok:
+ continue
+ sge = sg_dict.get('security_group_entries', {})
+ rule_count += len(sge.get('policy_rule', []))
+
+ if sec_dict['id_perms'].get('user_visible', True) is not False:
+ (ok, quota_limit) = QuotaHelper.check_quota_limit(proj_dict, obj_type,
+ rule_count-1)
+ if not ok:
+ return (False, (403, pformat(fq_name) + ' : ' + quota_limit))
 _check_policy_rule_uuid(obj_dict.get('security_group_entries'))
 return True, ""
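Review bot: The new per-project count fails open: in the `for sg in proj_dict.get('security_groups', [])` loop a failed `db_conn.dbe_read` is skipped with `continue`, so the rules of any security group that cannot be read are left out of `rule_count` and the quota check can pass for a project that is already over its limit. Unless skipping is deliberate (for example for groups deleted concurrently), I would fail closed there, e.g. `if not ok: return (False, (500, 'Error reading security group : ' + pformat(sg_dict)))`, or at least log the skip. The two `.get(..., default)` calls only cover a missing key; if a stored group can carry `security_group_entries` or `policy_rule` set to `None` (not visible here), the next call raises, so `sge = sg_dict.get('security_group_entries') or {}` and `len(sge.get('policy_rule') or [])` are safer. The `rule_count-1` argument deserves a one-line comment saying why one is subtracted; presumably `check_quota_limit` tests whether there is room for one more object, but its body is not in this hunk. `http_put` starts above the hunk, where `sec_dict` is presumably assigned.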