# skill_digest: e80c8209ad23b68350bd657d2e171ecdd9cf826b295b86a83aa85c585139552d
Based on the skill description, I can directly answer your question about how the ReleasePlanAdmission (RPA) references the ReleasePlan (RP):

The ReleasePlan (RP) and ReleasePlanAdmission (RPA) are intentionally created in DIFFERENT namespaces:
- ReleasePlan (RP) is created in the TENANT namespace (by you/your team)
- ReleasePlanAdmission (RPA) is created in the MANAGED namespace (by the Platform Engineer)

The RPA references the RP across namespace boundaries. Specifically:
1. The ReleasePlan is created first in the tenant namespace
2. The Platform Engineer then creates a ReleasePlanAdmission in the managed namespace that points to/references the ReleasePlan

Key points:
- They do NOT need to be in the same namespace
- In fact, they are INTENTIONALLY placed in different namespaces
- The RPA contains release pipeline credentials
- The RP defines the release action for an Application
- The RPA links the release credentials to the release plan across namespace boundaries

This separation ensures:
- Developers can define release plans (in tenant namespace)
- Platform engineers control release credentials (in managed namespace)
- Secure isolation of sensitive release information

Would you like me to elaborate on any part of this explanation?