Istio AuthorizationPolicy to do not allow users to access the pods from the namespaces where they don't have access

Hi Team,

I’m using Istio External AuthZ and now I want to create AuthorizationPolicy resource so that the user can access pods(microservices endpoints) if the user belongs to namespace.

Example - Let’s say the user1 belongs to n1 namespace and app1 is the pod running in n1 and app 2 is running on other namespace n2. If user1 clicks app2 url it should get RBAC error after OIDC flow.

Thank you in advance.