diff --git a/cli/cmd/checkRunner.go b/cli/cmd/checkRunner.go
index 5a05c10a88cb86f4d0357949f247016b642ae417..7bf75d090fed7de065c9bb9886974e2ffe553fda 100644
--- a/cli/cmd/checkRunner.go
+++ b/cli/cmd/checkRunner.go
@@ -2,8 +2,8 @@ package cmd
 
 import (
 	"context"
+	"embed"
 	"fmt"
-	"github.com/up9inc/mizu/shared"
 	rbac "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
@@ -17,6 +17,11 @@ import (
 	"github.com/up9inc/mizu/shared/semver"
 )
 
+var (
+	//go:embed permissionFiles
+	embedFS embed.FS
+)
+
 func runMizuCheck() {
 	logger.Log.Infof("Mizu checks\n===================")
 
@@ -248,12 +253,12 @@ func checkK8sTapPermissions(ctx context.Context, kubernetesProvider *kubernetes.
 
 	var filePath string
 	if config.Config.IsNsRestrictedMode() {
-		filePath = "./examples/roles/permissions-ns-tap.yaml"
+		filePath = "permissionFiles/permissions-ns-tap.yaml"
 	} else {
-		filePath = "./examples/roles/permissions-all-namespaces-tap.yaml"
+		filePath = "permissionFiles/permissions-all-namespaces-tap.yaml"
 	}
 
-	data, err := shared.ReadFromFile(filePath)
+	data, err := embedFS.ReadFile(filePath)
 	if err != nil {
 		logger.Log.Errorf("%v error while checking kubernetes permissions, err: %v", fmt.Sprintf(uiUtils.Red, "鉁�"), err)
 		return false
diff --git a/examples/roles/permissions-all-namespaces-debug-optional.yaml b/cli/cmd/permissionFiles/permissions-all-namespaces-debug-optional.yaml
similarity index 100%
rename from examples/roles/permissions-all-namespaces-debug-optional.yaml
rename to cli/cmd/permissionFiles/permissions-all-namespaces-debug-optional.yaml
diff --git a/examples/roles/permissions-all-namespaces-ip-resolution-optional.yaml b/cli/cmd/permissionFiles/permissions-all-namespaces-ip-resolution-optional.yaml
similarity index 100%
rename from examples/roles/permissions-all-namespaces-ip-resolution-optional.yaml
rename to cli/cmd/permissionFiles/permissions-all-namespaces-ip-resolution-optional.yaml
diff --git a/examples/roles/permissions-all-namespaces-tap.yaml b/cli/cmd/permissionFiles/permissions-all-namespaces-tap.yaml
similarity index 100%
rename from examples/roles/permissions-all-namespaces-tap.yaml
rename to cli/cmd/permissionFiles/permissions-all-namespaces-tap.yaml
diff --git a/examples/roles/permissions-ns-debug-optional.yaml b/cli/cmd/permissionFiles/permissions-ns-debug-optional.yaml
similarity index 100%
rename from examples/roles/permissions-ns-debug-optional.yaml
rename to cli/cmd/permissionFiles/permissions-ns-debug-optional.yaml
diff --git a/examples/roles/permissions-ns-ip-resolution-optional.yaml b/cli/cmd/permissionFiles/permissions-ns-ip-resolution-optional.yaml
similarity index 100%
rename from examples/roles/permissions-ns-ip-resolution-optional.yaml
rename to cli/cmd/permissionFiles/permissions-ns-ip-resolution-optional.yaml
diff --git a/examples/roles/permissions-ns-tap.yaml b/cli/cmd/permissionFiles/permissions-ns-tap.yaml
similarity index 100%
rename from examples/roles/permissions-ns-tap.yaml
rename to cli/cmd/permissionFiles/permissions-ns-tap.yaml
diff --git a/docs/PERMISSIONS.md b/docs/PERMISSIONS.md
index 0574cdfd0ca0c5e4839b21e22ebcbdabb98d1f6a..5301693bfd9d25d6e75095ff678fff0c0bc58c1c 100644
--- a/docs/PERMISSIONS.md
+++ b/docs/PERMISSIONS.md
@@ -85,4 +85,4 @@ By default Mizu requires cluster-wide permissions.
 If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements.
 This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions.
 
-The different requirements are listed in [the example roles dir](../examples/roles)
+The different requirements are listed in [the permission templates dir](../cli/cmd/permissionFiles)
diff --git a/shared/fileUtils.go b/shared/fileUtils.go
deleted file mode 100644
index 976ff6c2d271a7389027e7a38ad97fed3e01ad20..0000000000000000000000000000000000000000
--- a/shared/fileUtils.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package shared
-
-import (
-	"io/ioutil"
-	"os"
-)
-
-func ReadFromFile(path string) ([]byte, error) {
-	reader, err := os.Open(path)
-	if err != nil {
-		return nil, err
-	}
-
-	data, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return nil, err
-	}
-
-	return data, nil
-}