diff --git a/pkg/userinfo/roleRef.go b/pkg/userinfo/roleRef.go
index 12a43c6f6b..d19b9f337a 100644
--- a/pkg/userinfo/roleRef.go
+++ b/pkg/userinfo/roleRef.go
@@ -13,6 +13,11 @@ import (
 rbaclister "k8s.io/client-go/listers/rbac/v1"
 )
+const (
+ clusterrolekind = "ClusterRole"
+ rolekind = "Role"
+)
+
 func GetRoleRef(rbLister rbaclister.RoleBindingLister, crbLister rbaclister.ClusterRoleBindingLister, request *v1beta1.AdmissionRequest) (roles []string, clusterRoles []string, err error) {
 // rolebindings
 roleBindings, err := rbLister.List(labels.NewSelector())
@@ -49,11 +54,10 @@ func getRoleRefByRoleBindings(roleBindings []*rbacv1.RoleBinding, userInfo authe
 continue
 }
- // roleRefMap := roleRef.(map[string]interface{})
 switch rolebinding.RoleRef.Kind {
- case "role":
+ case rolekind:
 roles = append(roles, rolebinding.Namespace+":"+rolebinding.RoleRef.Name)
- case "clusterRole":
+ case clusterrolekind:
 clusterRoles = append(clusterRoles, rolebinding.RoleRef.Name)
 }
 }
@@ -70,7 +74,7 @@ func getRoleRefByClusterRoleBindings(clusterroleBindings []*rbacv1.ClusterRoleBi
 continue
 }
- if clusterRoleBinding.RoleRef.Kind == "clusterRole" {
+ if clusterRoleBinding.RoleRef.Kind == clusterrolekind {
 clusterRoles = append(clusterRoles, clusterRoleBinding.RoleRef.Name)
 }
 }
@@ -80,7 +84,7 @@ func getRoleRefByClusterRoleBindings(clusterroleBindings []*rbacv1.ClusterRoleBi
 // matchSubjectsMap checks if userInfo found in subject
 // return true directly if found a match
-// subject["kind"] can only be ServiceAccount, User and Group
+// subject.kind can only be ServiceAccount, User and Group
 func matchSubjectsMap(subject rbacv1.Subject, userInfo authenticationv1.UserInfo) bool {
 // ServiceAccount
 if isServiceaccountUserInfo(userInfo.Username) {
diff --git a/pkg/userinfo/roleRef_test.go b/pkg/userinfo/roleRef_test.go
index cca7864209..229e8394e4 100644
--- a/pkg/userinfo/roleRef_test.go
+++ b/pkg/userinfo/roleRef_test.go
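Review bot: The new `const` block in pkg/userinfo/roleRef.go has no comment saying that both values must equal the `RoleRef.Kind` strings of the RBAC API exactly, and every comparison that uses them is case-sensitive. The lowercase literals this commit removes show how easily that drifts, so I would add `// RoleRef.Kind values as defined by the RBAC v1 API; compared case-sensitively.` above the block. The names would also read better in MixedCaps, `roleKind` and `clusterRoleKind`, which is the usual Go spelling for unexported constants.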
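Review bot: In getRoleRefByRoleBindings the `switch rolebinding.RoleRef.Kind` still has no `default` branch, so a binding whose kind matches neither constant is skipped without any trace, which is the silent outcome the old `case "role":` and `case "clusterRole":` gave for bindings that carry `Role` or `ClusterRole`. The returned role lists presumably feed policy matching on the admission request, where an empty result is hard to tell apart from a user who holds no roles. I would add a `default:` that logs the unexpected kind together with the binding's namespace and name, and an `else` doing the same on `if clusterRoleBinding.RoleRef.Kind == clusterrolekind` in getRoleRefByClusterRoleBindings. Both function bodies start and end outside their hunks.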
@@ -181,7 +181,7 @@ func Test_getRoleRefByRoleBindings(t *testing.T) {
 },
 },
 rbacv1.RoleRef{
- Kind: "role",
+ Kind: rolekind,
 Name: "myrole",
 },
 },
@@ -199,7 +199,7 @@ func Test_getRoleRefByRoleBindings(t *testing.T) {
 },
 },
 rbacv1.RoleRef{
- Kind: "clusterRole",
+ Kind: clusterrolekind,
 Name: "myclusterrole",
 },
 },
@@ -232,7 +232,7 @@ func Test_getRoleRefByClusterRoleBindings(t *testing.T) {
 },
 },
 rbacv1.RoleRef{
- Kind: "clusterRole",
+ Kind: clusterrolekind,
 Name: "fakeclusterrole",
 },
 },
@@ -249,7 +249,7 @@ func Test_getRoleRefByClusterRoleBindings(t *testing.T) {
 },
 },
 rbacv1.RoleRef{
- Kind: "clusterRole",
+ Kind: clusterrolekind,
 Name: "myclusterrole",
 },
 },
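Review bot: The fixtures in Test_getRoleRefByRoleBindings and Test_getRoleRefByClusterRoleBindings now take `Kind` from the same `rolekind` and `clusterrolekind` constants that the code under test compares against, so the tests pass for any value the constants hold, including a wrong one. The removed literals had exactly that weakness: fixture and code agreed on `"role"` and `"clusterRole"`, and the tests stayed green. I would spell the API values out in the fixtures, `Kind: "Role"` and `Kind: "ClusterRole"`, so the tests pin the string a real binding carries rather than the constant. This applies to all four hunks in roleRef_test.go, and the test functions continue outside them.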