1 This quota only applies for organizations that don't have an
organization-level activation of the Premium or Enterprise tier of
Security Command Center. This limit is shared among all Policy Analyzer
tools.
For more details, see
Billing questions in the
Policy Intelligence documentation.
Project quota
Cloud Asset Inventory enforces the rate of incoming requests based on the consumer
project. The default quotas are as follows:
Quota
Value
AnalyzeIamPolicy
100 per minute per consumer project
1000 per day per consumer project
AnalyzeIamPolicyLongrunning
100 per minute per consumer project
1000 per day per consumer project
BatchGetAssetsHistory
100 per minute per consumer project
BatchGetEffectiveIamPolicies
100 per minute per consumer project
ExportAssets
60 per minute per consumer project
6000 per day per consumer project
In addition to the per-project quota, Cloud Asset Inventory also enforces rate
limits on incoming requests based on resource organization. The limits are as
follows:
Quota
Value
BatchGetAssetsHistory
180 per minute per organization
195,000 per day per organization
ExportAssets
75 per minute per organization
13,000 per day per organization
ListAssets
800 per minute per organization
650,000 per day per organization
QueryAssets
20 per minute per organization for requests with a
query statement
200 per minute per organization for requests with a
job reference
The Policy Analyzer limits group expansion in the group memberships and
resource expansion in the resource hierarchy to the following values.
Limit
Value
AnalyzeIamPolicy group expansion
1000 per group
AnalyzeIamPolicy resource expansion
1000 per resource
AnalyzeIamPolicyLongrunning resource
expansion
100000 per resource
Downstream services
In addition to limits enforced by Cloud Asset Inventory, the number of incoming
requests is also capped by the rate and quota of the downstream services that
Cloud Asset Inventory depends on.
BigQuery
Table operations: BigQuery has a quota limit
for table operations, which defines the maximum number of ExportAssets API
requests to the same BigQuery table that can be performed daily.
ExportAssets issues 2 table operations per table per request.
Query jobs: BigQuery has a concurrent
rate limit for query job, which defines the
maximum number of concurrent ExportAssets API requests that can be issued
per project.
Pub/Sub
Publisher throughput: Pub/Sub has a
publisher throughput limit per region, which affects
the combined asset update size
Real-time feed can publish to
your topic.
Message size: Pub/Sub has
message limits. For
Real-time feed, if the payload
of your asset update exceeds the limit, your asset update is discarded.
Request a quota increase
If you have access to the Security Command Center Premium or Enterprise tier at the
organization level, you can contact your account representative to request a
Cloud Asset Inventory quota increase. Activating Security Command Center Premium or Enterprise
at the project level only might not be qualified to get additional quota.
Access to the Security Command Center Premium or Enterprise tier also automatically grants
an unlimited number of analysis queries per organization per day.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003ePolicy Analyzer queries are limited to 20 per organization per day for those without Security Command Center's Premium or Enterprise tier at the organization level.\u003c/p\u003e\n"],["\u003cp\u003eCloud Asset Inventory enforces project-based quotas, such as 100 \u003ccode\u003eAnalyzeIamPolicy\u003c/code\u003e requests per minute per project, and daily limits such as 1000 per day per project.\u003c/p\u003e\n"],["\u003cp\u003eThere are organization-based rate limits for Cloud Asset Inventory, including 180 \u003ccode\u003eBatchGetAssetsHistory\u003c/code\u003e requests per minute per organization.\u003c/p\u003e\n"],["\u003cp\u003ePolicy Analyzer has expansion limits, including 1000 group expansions per group for \u003ccode\u003eAnalyzeIamPolicy\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eDownstream services like BigQuery and Pub/Sub also have their own limits, affecting Cloud Asset Inventory operations such as \u003ccode\u003eExportAssets\u003c/code\u003e and \u003ccode\u003eReal-time feed\u003c/code\u003e functionalities.\u003c/p\u003e\n"]]],[],null,["# Quotas and limits\n\nFree analysis query limit\n-------------------------\n\nPolicy Analyzer limits the number of queries that you can make\nif you don't have an\n[organization-level activation of the Premium or Enterprise tier of Security Command Center](/security-command-center/pricing#organization-level-activations).\n\n^1^ This quota only applies for organizations that don't have an\norganization-level activation of the Premium or Enterprise tier of\nSecurity Command Center. This limit is shared among all Policy Analyzer\ntools.\n\nFor more details, see\n[Billing questions](/policy-intelligence/docs/billing-questions) in the\nPolicy Intelligence documentation.\n\nProject quota\n-------------\n\nCloud Asset Inventory enforces the rate of incoming requests based on the consumer\nproject. The default quotas are as follows:\n\nYou can use the\n[APIs and services quotas dashboard](https://console.cloud.google.com/apis/api/cloudasset.googleapis.com/quotas?project=_)\nto view current quotas and usage for your project.\n\nResource organization quota\n---------------------------\n\nIn addition to the per-project quota, Cloud Asset Inventory also enforces rate\nlimits on incoming requests based on resource organization. The limits are as\nfollows:\n\nPolicy Analyzer expansion limits\n--------------------------------\n\nThe Policy Analyzer limits group expansion in the group memberships and\nresource expansion in the resource hierarchy to the following values.\n\nDownstream services\n-------------------\n\nIn addition to limits enforced by Cloud Asset Inventory, the number of incoming\nrequests is also capped by the rate and quota of the downstream services that\nCloud Asset Inventory depends on.\n\n### BigQuery\n\n- **Table operations:** BigQuery has a [quota limit](/bigquery/quotas)\n for table operations, which defines the maximum number of `ExportAssets` API\n requests to the same BigQuery table that can be performed daily.\n `ExportAssets` issues 2 table operations per table per request.\n\n- **Query jobs:** BigQuery has a concurrent\n [rate limit](/bigquery/quotas#query_jobs) for query job, which defines the\n maximum number of concurrent `ExportAssets` API requests that can be issued\n per project.\n\n### Pub/Sub\n\n- **Publisher throughput:** Pub/Sub has a\n [publisher throughput limit](/pubsub/quotas#quotas) per region, which affects\n the combined asset update size\n [`Real-time feed`](/asset-inventory//docs/monitor-asset-changes) can publish to\n your topic.\n\n- **Message size:** Pub/Sub has\n [message limits](/pubsub/quotas#resource_limits). For\n [`Real-time feed`](/asset-inventory//docs/monitor-asset-changes), if the payload\n of your asset update exceeds the limit, your asset update is discarded.\n\nRequest a quota increase\n------------------------\n\nIf you have access to the Security Command Center Premium or Enterprise tier at the\norganization level, you can contact your account representative to request a\nCloud Asset Inventory quota increase. Activating Security Command Center Premium or Enterprise\nat the project level only might not be qualified to get additional quota.\n\nAccess to the Security Command Center Premium or Enterprise tier also automatically grants\nan unlimited number of analysis queries per organization per day."]]
