
Mapping Kubernetes to Policy Boundaries - Need Help

kranthi
Visitor

Hi everyone,

Does anyone know how to map Kubernetes to policy boundaries? I want users with relevant policies to view data in their console using the latest Kubernetes UI.


DanielS
DynaMight Guru

Hello @kranthi. Yes, you can do it based on:

 

  • storage:k8s.namespace.name - The name of the namespace.
    operators: =, IN, startsWith, MATCH
  • storage:k8s.cluster.name - The name of the cluster.
    operators: =, IN, startsWith, MATCH

For metrics, logs, spans, bizevents and events, among others, please check here:

https://docs.dynatrace.com/docs/shortlink/iam-policystatements 

 

Dynatrace Certified Professional @ www.dosbyte.com

Hi @DanielS, thank you for your reply.

Yes, but we don't have a limited set of namespaces, right? We might have different namespaces like DB, Dynatrace, frontend, backend services, etc.

If possible, can I get examples of this situation along with a screenshot?


Yes, look at this policy and 2 different possible boundaries.
DanielS_0-1761936624369.png

 

This policy is going to allow reading metrics for the given namespaces listed in IN in the boundary, or for the cluster names.

Dynatrace Certified Professional @ www.dosbyte.com

@DanielS these read permissions are already added too, but the problem is with policy boundaries, because for each cluster we have multiple namespaces, and I am not able to decide which named entities the user is actually looking at. Also, this can't be changed immediately either (names of the namespaces).
Kindly look at the screenshot below, maybe you will get a better idea.

kranthi_0-1761937125961.png

 

 

Just to confirm, do you mean that the namespace names remain the same across different clusters?

Dynatrace Certified Professional @ www.dosbyte.com

Nope, we have multiple clusters... In policy boundaries, how could I mention all those namespaces in boundaries for the apps to be visible without any restriction on their cluster information?

Are you trying to restrict the visibility so that users can only see the specific Kubernetes clusters you define?

Dynatrace Certified Professional @ www.dosbyte.com

Not to restrict the visibility namespace-wise. We wanted to restrict the users cluster-wise. We have a couple of applications with many clusters. So, we wanted to restrict the users to their application clusters only.

Okay @kranthi , so if you want to restrict by cluster, why isn't the cluster boundary working for you? There's something I still don't understand about your problem.

Dynatrace Certified Professional @ www.dosbyte.com

You mean to say we need to create a separate boundary for the cluster's boundary?

I mean that if you associate the cluster policy and its boundary to a group, and only grant access to those users who share those specific applications, you'll ensure that they can only access information related to those clusters, depending on whether you choose metrics, logs, etc.

Dynatrace Certified Professional @ www.dosbyte.com
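
The setup described in this thread, written out as an added example (it is not taken from the screenshots or from any poster): one shared read policy, bound to each application's group together with that application's cluster boundary. The boundary, group and cluster names are constructed placeholders, and the lines in square brackets are annotations, not policy syntax.

```text
[policy, shared by all application groups]
ALLOW storage:metrics:read;

[boundary "payments-clusters" (constructed), bound with the policy to group "payments-team" (constructed)]
storage:k8s.cluster.name IN ("payments-prod-eu", "payments-prod-us");

[boundary "checkout-clusters" (constructed), bound with the policy to group "checkout-team" (constructed)]
storage:k8s.cluster.name startsWith "checkout-";
```

Because these boundaries condition only on `storage:k8s.cluster.name`, every namespace inside the listed clusters stays visible and a namespace rename needs no boundary change.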

kranthi
Visitor

Hi @DanielS, any suggestion for this issue?
