I have created a policy and attached to an IAM user to allow him to access all ECR repositories in AWS with a tag - "department=dev". Below is the json policy:
