diff --git a/emp/emp_user_cftemplate.yaml b/emp/emp_user_cftemplate.yaml
index 8700f60..5e421a1 100644
--- a/emp/emp_user_cftemplate.yaml
+++ b/emp/emp_user_cftemplate.yaml
@@ -335,8 +335,8 @@ Resources:
               StringEquals:
                 aws:RequestTag/emp.pf9.io: owned
               StringLike:
-                aws:RequestTag/emp.pf9.io/baremetalpool: '*'
-                aws:RequestTag/emp.pf9.io/namespace: '*'
+                aws:RequestTag/emp.pf9.io/ns/org-*/bmtpool/*: owned
+                aws:RequestTag/emp.pf9.io/ns/org-*: owned
           - Action:
               - elasticfilesystem:DescribeFileSystems
               - elasticfilesystem:CreateMountTarget
@@ -349,8 +349,8 @@ Resources:
               StringEquals:
                 aws:ResourceTag/emp.pf9.io: owned
               StringLike:
-                aws:ResourceTag/emp.pf9.io/namespace: '*'
-                aws:ResourceTag/emp.pf9.io/baremetalpool: '*'
+                aws:ResourceTag/emp.pf9.io/ns/org-*: owned
+                aws:ResourceTag/emp.pf9.io/ns/org-*/bmtpool/*: owned
           - Action:
               - elasticfilesystem:TagResource
             Effect: Allow