IAM Policy for User Registration to Certain Namespaces Only

Hey y’all - not sure if this community is the right place to ask this, but I’m looking to make an IAM policy that allows a user to register another user to only a certain namespace based on resource tagging. From what I’ve seen, quicksight:Namespace is not a conditional.

Any thoughts/opinions on how this could be accomplished? Attaching the snippet I wrote which has what I WANT to accomplish, but I don’t think the conditional is valid.

{
   "Sid": "Allow user registration to product namespace only",
   "Effect": "Allow",
   "Resource": "arn:${Partition}:quicksight:${Region}:${Account}:user/productname-*",
   "Action": "quicksight:RegisterUser",
       "Condition": {
           "StringLike": {
               "quicksight:Namespace:resourceTag/TeamTag": "ProductName"
           }
       }
}

Would this work to keep the user registration limited to a desired namespace?

"StringLike": {
     "aws:resourceTag/TeamTag": "ProductName"
}

Hi @Steven.schmidt

Have you tried you like condition?

Similarly have you tried to limit the resource to just that namespace?