diff --git a/service/logger/audit/constants.go b/service/logger/audit/constants.go
index 1874cb7f50..0746d8d1ad 100644
--- a/service/logger/audit/constants.go
+++ b/service/logger/audit/constants.go
@@ -14,6 +14,7 @@ const (
 ObjectTypeNamespace
 ObjectTypeConditionSet
 ObjectTypeKasRegistry
+ ObjectTypeKasAttributeNamespaceAssignment
 ObjectTypeKasAttributeDefinitionAssignment
 ObjectTypeKasAttributeValueAssignment
 ObjectTypeKeyObject
@@ -29,6 +30,7 @@ func (ot ObjectType) String() string {
 "namespace",
 "condition_set",
 "kas_registry",
+ "kas_attribute_namespace_assignment",
 "kas_attribute_definition_assignment",
 "kas_attribute_value_assignment",
 "key_object",
diff --git a/service/policy/namespaces/namespaces.go b/service/policy/namespaces/namespaces.go
index 03a13a76b0..11b4d4476a 100644
--- a/service/policy/namespaces/namespaces.go
+++ b/service/policy/namespaces/namespaces.go
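Review bot: In constants.go the new constant and its name are inserted at the same position in two separate lists, and nothing in the visible lines ties the lists together. If `String()` looks the name up by index (the hunk suggests so, but its body continues outside the hunk), a later edit that touches only one list would silently mislabel audit events. A comment above the const block such as `// Order must match the name list in ObjectType.String().` would document the coupling. Inserting mid-block also renumbers the later ObjectType values if they come from iota, which matters only if the numeric value is ever stored or sent anywhere.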
@@ -179,3 +179,43 @@ func (ns NamespacesService) DeactivateNamespace(ctx context.Context, req *namesp
 return rsp, nil
 }
+
+func (ns NamespacesService) AssignKeyAccessServerToNamespace(ctx context.Context, req *namespaces.AssignKeyAccessServerToNamespaceRequest) (*namespaces.AssignKeyAccessServerToNamespaceResponse, error) {
+ grant := req.GetNamespaceKeyAccessServer()
+ auditParams := audit.PolicyEventParams{
+ ActionType: audit.ActionTypeCreate,
+ ObjectType: audit.ObjectTypeKasAttributeNamespaceAssignment,
+ ObjectID: fmt.Sprintf("%s-%s", grant.GetNamespaceId(), grant.GetKeyAccessServerId()),
+ }
+
+ namespaceKas, err := ns.dbClient.AssignKeyAccessServerToNamespace(ctx, grant)
+ if err != nil {
+ ns.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+ return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("namespaceKas", grant.String()))
+ }
+ ns.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+
+ return &namespaces.AssignKeyAccessServerToNamespaceResponse{
+ NamespaceKeyAccessServer: namespaceKas,
+ }, nil
+}
+
+func (ns NamespacesService) RemoveKeyAccessServerFromNamespace(ctx context.Context, req *namespaces.RemoveKeyAccessServerFromNamespaceRequest) (*namespaces.RemoveKeyAccessServerFromNamespaceResponse, error) {
+ grant := req.GetNamespaceKeyAccessServer()
+ auditParams := audit.PolicyEventParams{
+ ActionType: audit.ActionTypeDelete,
+ ObjectType: audit.ObjectTypeKasAttributeNamespaceAssignment,
+ ObjectID: fmt.Sprintf("%s-%s", grant.GetNamespaceId(), grant.GetKeyAccessServerId()),
+ }
+
+ namespaceKas, err := ns.dbClient.RemoveKeyAccessServerFromNamespace(ctx, grant)
+ if err != nil {
+ ns.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+ return nil, db.StatusifyError(err, db.ErrTextDeletionFailed, slog.String("namespaceKas", grant.String()))
+ }
+ ns.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+
+ return &namespaces.RemoveKeyAccessServerFromNamespaceResponse{
+ NamespaceKeyAccessServer: namespaceKas,
+ }, nil
+}
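Review bot: In AssignKeyAccessServerToNamespace, `grant` is used without checking that the request actually carried a namespace/KAS pair. If `req.GetNamespaceKeyAccessServer()` is nil or either ID is empty, the audit `ObjectID` is built as `"-"` (assuming the usual nil-safe generated getters) and the empty grant still reaches the DB client, so the resulting failure event cannot be tied to any object. Unless request validation runs before this handler (not visible in the hunk), reject such requests up front with a guard like `if grant.GetNamespaceId() == "" || grant.GetKeyAccessServerId() == "" {` that returns the service's invalid-argument error. RemoveKeyAccessServerFromNamespace in the same hunk has the same shape. Separately, joining the two IDs with `-` cannot be split back unambiguously if the IDs themselves contain hyphens (as UUIDs do); a separator that cannot occur in an ID would keep the audit record parseable.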