diff --git a/infrastructure/ontime-operator/namespace-prefix-policy.yaml b/infrastructure/ontime-operator/namespace-prefix-policy.yaml
index 9e034dd..6db1f9f 100644
--- a/infrastructure/ontime-operator/namespace-prefix-policy.yaml
+++ b/infrastructure/ontime-operator/namespace-prefix-policy.yaml
@@ -29,4 +29,37 @@ spec:
     - apiGroups: [""]
       apiVersions: ["v1"]
       operations: ["CREATE", "UPDATE"]
-      resources: ["namespaces"]
\ No newline at end of file
+      resources: ["namespaces"]
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "force-stage-ns-prefix-for-stage-editor"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups: ["cloud.getontime.no"]
+      apiVersions: ["v1"]
+      operations: ["CREATE", "UPDATE", "DELETE"]
+      resources: ["stages"]
+  matchConditions:
+  - name: 'only-stage-editor'
+    expression: "request.userInfo.username == 'system:serviceaccount:ontime-operator:stage-editor'"
+  validations:
+  - expression: "object.metadata.namespace.startsWith('team-')"
+    message: "Stages must be created in namespaces starting with 'team-'"
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "force-stage-ns-prefix-for-stage-editor-binding"
+spec:
+  policyName: "force-stage-ns-prefix-for-stage-editor"
+  validationActions: [Deny]
+  matchResources:
+    resourceRules:
+    - apiGroups: ["cloud.getontime.no"]
+      apiVersions: ["v1"]
+      operations: ["CREATE", "UPDATE", "DELETE"]
+      resources: ["stages"]
\ No newline at end of file
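Review bot: The validation `object.metadata.namespace.startsWith('team-')` cannot succeed for the DELETE operation that both the policy's matchConstraints and the binding's matchResources include, because `object` is null on DELETE requests in ValidatingAdmissionPolicy CEL; with `failurePolicy: Fail` the resulting evaluation error is treated as a denial, so the stage-editor service account would be unable to delete any stage. The request's namespace field is populated for all three operations and expresses the same intent: `- expression: "request.namespace.startsWith('team-')"`. The message should then cover UPDATE and DELETE as well, e.g. `message: "Stages may only be managed in namespaces starting with 'team-'"`. The first policy in this file, whose `resources` line is rewritten here only to add the missing trailing newline, starts outside the hunk.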