diff --git a/pkg/client/cache/listers_rbac.go b/pkg/client/cache/listers_rbac.go
new file mode 100644
index 00000000000..2b1cf8bb2a8
--- /dev/null
+++ b/pkg/client/cache/listers_rbac.go
@@ -0,0 +1,234 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cache
+
+import (
+	"k8s.io/kubernetes/pkg/api/errors"
+	"k8s.io/kubernetes/pkg/apis/rbac"
+	"k8s.io/kubernetes/pkg/labels"
+)
+
+//  TODO: generate these classes and methods for all resources of interest using
+// a script.  Can use "go generate" once 1.4 is supported by all users.
+
+// Lister makes an Index have the List method.  The Stores must contain only the expected type
+// Example:
+// s := cache.NewStore()
+// lw := cache.ListWatch{Client: c, FieldSelector: sel, Resource: "pods"}
+// r := cache.NewReflector(lw, &rbac.ClusterRole{}, s).Run()
+// l := clusterRoleLister{s}
+// l.List()
+
+func NewClusterRoleLister(indexer Indexer) ClusterRoleLister {
+	return &clusterRoleLister{indexer: indexer}
+}
+func NewClusterRoleBindingLister(indexer Indexer) ClusterRoleBindingLister {
+	return &clusterRoleBindingLister{indexer: indexer}
+}
+func NewRoleLister(indexer Indexer) RoleLister {
+	return &roleLister{indexer: indexer}
+}
+func NewRoleBindingLister(indexer Indexer) RoleBindingLister {
+	return &roleBindingLister{indexer: indexer}
+}
+
+// these interfaces are used by the rbac authorizer
+type authorizerClusterRoleGetter interface {
+	GetClusterRole(name string) (*rbac.ClusterRole, error)
+}
+
+type authorizerClusterRoleBindingLister interface {
+	ListClusterRoleBindings() ([]*rbac.ClusterRoleBinding, error)
+}
+
+type authorizerRoleGetter interface {
+	GetRole(namespace, name string) (*rbac.Role, error)
+}
+
+type authorizerRoleBindingLister interface {
+	ListRoleBindings(namespace string) ([]*rbac.RoleBinding, error)
+}
+
+type ClusterRoleLister interface {
+	authorizerClusterRoleGetter
+	List(selector labels.Selector) (ret []*rbac.ClusterRole, err error)
+	Get(name string) (*rbac.ClusterRole, error)
+}
+
+type clusterRoleLister struct {
+	indexer Indexer
+}
+
+func (s *clusterRoleLister) List(selector labels.Selector) (ret []*rbac.ClusterRole, err error) {
+	err = ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*rbac.ClusterRole))
+	})
+	return ret, err
+}
+
+func (s clusterRoleLister) Get(name string) (*rbac.ClusterRole, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(rbac.Resource("clusterrole"), name)
+	}
+	return obj.(*rbac.ClusterRole), nil
+}
+
+func (s clusterRoleLister) GetClusterRole(name string) (*rbac.ClusterRole, error) {
+	return s.Get(name)
+}
+
+type ClusterRoleBindingLister interface {
+	authorizerClusterRoleBindingLister
+	List(selector labels.Selector) (ret []*rbac.ClusterRoleBinding, err error)
+	Get(name string) (*rbac.ClusterRoleBinding, error)
+}
+
+type clusterRoleBindingLister struct {
+	indexer Indexer
+}
+
+func (s *clusterRoleBindingLister) List(selector labels.Selector) (ret []*rbac.ClusterRoleBinding, err error) {
+	err = ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*rbac.ClusterRoleBinding))
+	})
+	return ret, err
+}
+
+func (s clusterRoleBindingLister) Get(name string) (*rbac.ClusterRoleBinding, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(rbac.Resource("clusterrolebinding"), name)
+	}
+	return obj.(*rbac.ClusterRoleBinding), nil
+}
+
+func (s clusterRoleBindingLister) ListClusterRoleBindings() ([]*rbac.ClusterRoleBinding, error) {
+	return s.List(labels.Everything())
+}
+
+type RoleLister interface {
+	authorizerRoleGetter
+	List(selector labels.Selector) (ret []*rbac.Role, err error)
+	Roles(namespace string) RoleNamespaceLister
+}
+
+type RoleNamespaceLister interface {
+	List(selector labels.Selector) (ret []*rbac.Role, err error)
+	Get(name string) (*rbac.Role, error)
+}
+
+type roleLister struct {
+	indexer Indexer
+}
+
+func (s *roleLister) List(selector labels.Selector) (ret []*rbac.Role, err error) {
+	err = ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*rbac.Role))
+	})
+	return ret, err
+}
+
+func (s *roleLister) Roles(namespace string) RoleNamespaceLister {
+	return roleNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+func (s roleLister) GetRole(namespace, name string) (*rbac.Role, error) {
+	return s.Roles(namespace).Get(name)
+}
+
+type roleNamespaceLister struct {
+	indexer   Indexer
+	namespace string
+}
+
+func (s roleNamespaceLister) List(selector labels.Selector) (ret []*rbac.Role, err error) {
+	err = ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*rbac.Role))
+	})
+	return ret, err
+}
+
+func (s roleNamespaceLister) Get(name string) (*rbac.Role, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(rbac.Resource("role"), name)
+	}
+	return obj.(*rbac.Role), nil
+}
+
+type RoleBindingLister interface {
+	authorizerRoleBindingLister
+	List(selector labels.Selector) (ret []*rbac.RoleBinding, err error)
+	RoleBindings(namespace string) RoleBindingNamespaceLister
+}
+
+type RoleBindingNamespaceLister interface {
+	List(selector labels.Selector) (ret []*rbac.RoleBinding, err error)
+	Get(name string) (*rbac.RoleBinding, error)
+}
+
+type roleBindingLister struct {
+	indexer Indexer
+}
+
+func (s *roleBindingLister) List(selector labels.Selector) (ret []*rbac.RoleBinding, err error) {
+	err = ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*rbac.RoleBinding))
+	})
+	return ret, err
+}
+
+func (s *roleBindingLister) RoleBindings(namespace string) RoleBindingNamespaceLister {
+	return roleBindingNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+func (s roleBindingLister) ListRoleBindings(namespace string) ([]*rbac.RoleBinding, error) {
+	return s.RoleBindings(namespace).List(labels.Everything())
+}
+
+type roleBindingNamespaceLister struct {
+	indexer   Indexer
+	namespace string
+}
+
+func (s roleBindingNamespaceLister) List(selector labels.Selector) (ret []*rbac.RoleBinding, err error) {
+	err = ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*rbac.RoleBinding))
+	})
+	return ret, err
+}
+
+func (s roleBindingNamespaceLister) Get(name string) (*rbac.RoleBinding, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(rbac.Resource("rolebinding"), name)
+	}
+	return obj.(*rbac.RoleBinding), nil
+}
diff --git a/pkg/controller/informers/factory.go b/pkg/controller/informers/factory.go
index 6218df59167..a9f50aa4522 100644
--- a/pkg/controller/informers/factory.go
+++ b/pkg/controller/informers/factory.go
@@ -40,6 +40,11 @@ type SharedInformerFactory interface {
 	DaemonSets() DaemonSetInformer
 	Deployments() DeploymentInformer
 	ReplicaSets() ReplicaSetInformer
+
+	ClusterRoles() ClusterRoleInformer
+	ClusterRoleBindings() ClusterRoleBindingInformer
+	Roles() RoleInformer
+	RoleBindings() RoleBindingInformer
 }
 
 type sharedInformerFactory struct {
@@ -112,3 +117,19 @@ func (f *sharedInformerFactory) Deployments() DeploymentInformer {
 func (f *sharedInformerFactory) ReplicaSets() ReplicaSetInformer {
 	return &replicaSetInformer{sharedInformerFactory: f}
 }
+
+func (f *sharedInformerFactory) ClusterRoles() ClusterRoleInformer {
+	return &clusterRoleInformer{sharedInformerFactory: f}
+}
+
+func (f *sharedInformerFactory) ClusterRoleBindings() ClusterRoleBindingInformer {
+	return &clusterRoleBindingInformer{sharedInformerFactory: f}
+}
+
+func (f *sharedInformerFactory) Roles() RoleInformer {
+	return &roleInformer{sharedInformerFactory: f}
+}
+
+func (f *sharedInformerFactory) RoleBindings() RoleBindingInformer {
+	return &roleBindingInformer{sharedInformerFactory: f}
+}
diff --git a/pkg/controller/informers/rbac.go b/pkg/controller/informers/rbac.go
new file mode 100644
index 00000000000..aa5681f3db4
--- /dev/null
+++ b/pkg/controller/informers/rbac.go
@@ -0,0 +1,187 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package informers
+
+import (
+	"reflect"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/rbac"
+	"k8s.io/kubernetes/pkg/client/cache"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/watch"
+)
+
+type ClusterRoleInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() cache.ClusterRoleLister
+}
+
+type clusterRoleInformer struct {
+	*sharedInformerFactory
+}
+
+func (f *clusterRoleInformer) Informer() cache.SharedIndexInformer {
+	f.lock.Lock()
+	defer f.lock.Unlock()
+
+	informerType := reflect.TypeOf(&rbac.ClusterRole{})
+	informer, exists := f.informers[informerType]
+	if exists {
+		return informer
+	}
+	informer = cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options api.ListOptions) (runtime.Object, error) {
+				return f.client.Rbac().ClusterRoles().List(options)
+			},
+			WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
+				return f.client.Rbac().ClusterRoles().Watch(options)
+			},
+		},
+		&rbac.ClusterRole{},
+		f.defaultResync,
+		cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc},
+	)
+	f.informers[informerType] = informer
+
+	return informer
+}
+
+func (f *clusterRoleInformer) Lister() cache.ClusterRoleLister {
+	return cache.NewClusterRoleLister(f.Informer().GetIndexer())
+}
+
+type ClusterRoleBindingInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() cache.ClusterRoleBindingLister
+}
+
+type clusterRoleBindingInformer struct {
+	*sharedInformerFactory
+}
+
+func (f *clusterRoleBindingInformer) Informer() cache.SharedIndexInformer {
+	f.lock.Lock()
+	defer f.lock.Unlock()
+
+	informerType := reflect.TypeOf(&rbac.ClusterRoleBinding{})
+	informer, exists := f.informers[informerType]
+	if exists {
+		return informer
+	}
+	informer = cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options api.ListOptions) (runtime.Object, error) {
+				return f.client.Rbac().ClusterRoleBindings().List(options)
+			},
+			WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
+				return f.client.Rbac().ClusterRoleBindings().Watch(options)
+			},
+		},
+		&rbac.ClusterRoleBinding{},
+		f.defaultResync,
+		cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc},
+	)
+	f.informers[informerType] = informer
+
+	return informer
+}
+
+func (f *clusterRoleBindingInformer) Lister() cache.ClusterRoleBindingLister {
+	return cache.NewClusterRoleBindingLister(f.Informer().GetIndexer())
+}
+
+type RoleInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() cache.RoleLister
+}
+
+type roleInformer struct {
+	*sharedInformerFactory
+}
+
+func (f *roleInformer) Informer() cache.SharedIndexInformer {
+	f.lock.Lock()
+	defer f.lock.Unlock()
+
+	informerType := reflect.TypeOf(&rbac.Role{})
+	informer, exists := f.informers[informerType]
+	if exists {
+		return informer
+	}
+	informer = cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options api.ListOptions) (runtime.Object, error) {
+				return f.client.Rbac().Roles(api.NamespaceAll).List(options)
+			},
+			WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
+				return f.client.Rbac().Roles(api.NamespaceAll).Watch(options)
+			},
+		},
+		&rbac.Role{},
+		f.defaultResync,
+		cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc},
+	)
+	f.informers[informerType] = informer
+
+	return informer
+}
+
+func (f *roleInformer) Lister() cache.RoleLister {
+	return cache.NewRoleLister(f.Informer().GetIndexer())
+}
+
+type RoleBindingInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() cache.RoleBindingLister
+}
+
+type roleBindingInformer struct {
+	*sharedInformerFactory
+}
+
+func (f *roleBindingInformer) Informer() cache.SharedIndexInformer {
+	f.lock.Lock()
+	defer f.lock.Unlock()
+
+	informerType := reflect.TypeOf(&rbac.RoleBinding{})
+	informer, exists := f.informers[informerType]
+	if exists {
+		return informer
+	}
+	informer = cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options api.ListOptions) (runtime.Object, error) {
+				return f.client.Rbac().RoleBindings(api.NamespaceAll).List(options)
+			},
+			WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
+				return f.client.Rbac().RoleBindings(api.NamespaceAll).Watch(options)
+			},
+		},
+		&rbac.RoleBinding{},
+		f.defaultResync,
+		cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc},
+	)
+	f.informers[informerType] = informer
+
+	return informer
+}
+
+func (f *roleBindingInformer) Lister() cache.RoleBindingLister {
+	return cache.NewRoleBindingLister(f.Informer().GetIndexer())
+}