Granting access in root namespce

Hello, I have a vault enterprise installed on my network.
I give every group of people I want to have the same namespace an hcl policy that looks like this:

path "namespace/*" {
    capabilities = ["sudo"]
}

and that works fine, every group gets full ownership for their namesapce.

My problem comes when I want to give certain groups access to engines located in root.
I tried giving them a policy for that specific route:

path "pkiEngine" {
    capabilities = ["sudo"]
}

but that way they can only see the engine listed in root but when they try to click it it redirects to a page saying they dont have permission.

What do I need to change in the second policy so they have access to specific engines in root?