diff --git a/pkg/operator/controllers/guardrails/policies/gkconstraints/aro-privileged-namespace-deny.yaml b/pkg/operator/controllers/guardrails/policies/gkconstraints/aro-privileged-namespace-deny.yaml
index 28b9cb14157..5f9b3aa70fb 100644
--- a/pkg/operator/controllers/guardrails/policies/gkconstraints/aro-privileged-namespace-deny.yaml
+++ b/pkg/operator/controllers/guardrails/policies/gkconstraints/aro-privileged-namespace-deny.yaml
@@ -14,6 +14,7 @@ spec:
 "ServiceAccount",
 "ReplicationController",
 "ResourceQuota",
+ "Namespace",
 ]
 - apiGroups: ["apps"]
 kinds: ["Deployment", "ReplicaSet", "StatefulSet", "DaemonSet"]
diff --git a/pkg/operator/controllers/guardrails/policies/gktemplates-src/aro-deny-privileged-namespace/src.rego b/pkg/operator/controllers/guardrails/policies/gktemplates-src/aro-deny-privileged-namespace/src.rego
index c7716fd3d4b..9ecbe1a962c 100644
--- a/pkg/operator/controllers/guardrails/policies/gktemplates-src/aro-deny-privileged-namespace/src.rego
+++ b/pkg/operator/controllers/guardrails/policies/gktemplates-src/aro-deny-privileged-namespace/src.rego
@@ -5,9 +5,21 @@ import data.lib.common.is_exempted_account
 import data.lib.common.get_username
 
 violation[{"msg": msg}] {
+ is_namespace(input.review)
+ ns := input.review.name
+ is_priv_namespace(ns)
+ not is_exempted_account(input.review)
+ username := get_username(input.review)
+ msg := sprintf("user %v not allowed to operate namespace %v", [username, ns])
+} {
+ not is_namespace(input.review)
 ns := input.review.object.metadata.namespace
 is_priv_namespace(ns)
 not is_exempted_account(input.review)
 username := get_username(input.review)
 msg := sprintf("user %v not allowed to operate in namespace %v", [username, ns])
 }
+
+is_namespace(review) {
+ review.kind.kind == "Namespace"
+}
\ No newline at end of file
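Review bot: Adding `"Namespace"` to the core-group kinds list is what makes the template's new `is_namespace` branch reachable, yet nothing on this line records that dependency, and Namespace is the only cluster-scoped kind in the list. A short comment such as `# Namespace is cluster-scoped; the template reads input.review.name for it instead of object.metadata.namespace` would keep the constraint and the template from drifting apart. The kinds list starts outside the hunk.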
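Review bot: The `not is_namespace(input.review)` body still reads `input.review.object.metadata.namespace`, which is undefined on DELETE admission reviews (the request carries only `oldObject`), so if the webhook is configured to send DELETE operations, deletions inside a privileged namespace fall through both rule bodies and are admitted. `input.review.namespace` is populated for every operation on a namespaced resource and would make that branch consistent with the new one, e.g. `ns := input.review.namespace`. Separately, `is_namespace` matches on kind alone — `review.kind.group == ""` would pin it to the core group — and `input.review.name` may be empty for a Namespace created via generateName, so it is worth confirming whether a fallback to `input.review.object.metadata.name` is wanted. The same rule bodies are duplicated in the gktemplates/aro-deny-privileged-namespace.yaml hunk, so whatever lands here should be regenerated there as well.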
diff --git a/pkg/operator/controllers/guardrails/policies/gktemplates/aro-deny-privileged-namespace.yaml b/pkg/operator/controllers/guardrails/policies/gktemplates/aro-deny-privileged-namespace.yaml
index 2422a91a4b7..c2c1b8c278f 100644
--- a/pkg/operator/controllers/guardrails/policies/gktemplates/aro-deny-privileged-namespace.yaml
+++ b/pkg/operator/controllers/guardrails/policies/gktemplates/aro-deny-privileged-namespace.yaml
@@ -28,12 +28,24 @@ spec:
 import data.lib.common.get_username
 
 violation[{"msg": msg}] {
+ is_namespace(input.review)
+ ns := input.review.name
+ is_priv_namespace(ns)
+ not is_exempted_account(input.review)
+ username := get_username(input.review)
+ msg := sprintf("user %v not allowed to operate namespace %v", [username, ns])
+ } {
+ not is_namespace(input.review)
 ns := input.review.object.metadata.namespace
 is_priv_namespace(ns)
 not is_exempted_account(input.review)
 username := get_username(input.review)
 msg := sprintf("user %v not allowed to operate in namespace %v", [username, ns])
 }
+
+ is_namespace(review) {
+ review.kind.kind == "Namespace"
+ }
 libs:
 - |
 package lib.common