// EscalationAllowed checks if the user associated with the context is a superuser func EscalationAllowed(ctx context.Context) bool { … } var roleResources … // RoleEscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the role resource associated with the context func RoleEscalationAuthorized(ctx context.Context, a authorizer.Authorizer) bool { … } // BindingAuthorized returns true if the user associated with the context is explicitly authorized to bind the specified roleRef func BindingAuthorized(ctx context.Context, roleRef rbac.RoleRef, bindingNamespace string, a authorizer.Authorizer) bool { … }