diff --git a/jobs/cloud_controller_ng/spec b/jobs/cloud_controller_ng/spec
index 6040f7885f..693ccf4ed1 100644
--- a/jobs/cloud_controller_ng/spec
+++ b/jobs/cloud_controller_ng/spec
@@ -1173,6 +1173,9 @@ properties:
   cc.rate_limiter.unauthenticated_limit:
     description: "The number of requests that an unauthenticated client is allowed to make over an hour-long interval"
     default: 100
+  cc.rate_limiter.admin_limit:
+    description: "The number of requests an admin user or client is allowed to make over the configured interval. Set to -1 for no limit."
+    default: -1
   cc.rate_limiter.reset_interval_in_minutes:
     description: "The interval in minutes after which a user's available API requests will be reset"
     default: 60
diff --git a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
index 73821d9236..8d535b225b 100644
--- a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
+++ b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
@@ -508,6 +508,8 @@ rate_limiter:
   per_process_general_limit: <%= (p("cc.rate_limiter.general_limit").to_f/instances).ceil %>
   global_unauthenticated_limit: <%= p("cc.rate_limiter.unauthenticated_limit") %>
   per_process_unauthenticated_limit: <%= (p("cc.rate_limiter.unauthenticated_limit").to_f/instances).ceil %>
+  global_admin_limit: <%= p("cc.rate_limiter.admin_limit") %>
+  per_process_admin_limit: <%= p("cc.rate_limiter.admin_limit") == -1 ? -1 : (p("cc.rate_limiter.admin_limit").to_f/instances).ceil %>
   reset_interval_in_minutes: <%= p("cc.rate_limiter.reset_interval_in_minutes") %>
 
 max_concurrent_service_broker_requests: <%= p("cc.max_concurrent_service_broker_requests") %>