diff --git a/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go b/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go
index cf6f76bd7d1..f81f341789d 100644
--- a/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go
@@ -83,6 +83,11 @@ var (
 		# Check to see if I can list deployments in my current namespace
 		kubectl auth can-i list deployments.apps
 
+		# Check to see if service account "foo" of namespace "dev" can list pods
+		# in the namespace "prod".
+		# You must be allowed to use impersonation for the global option "--as".
+		kubectl auth can-i list pods --as=system:serviceaccount:dev:foo -n prod
+
 		# Check to see if I can do everything in my current namespace ("*" means all)
 		kubectl auth can-i '*' '*'