Guys I’im using Ktor for a Grade System where Authorisations have bin encapsulated in token/ I have endpoint that only people with specific authorisation can are allowed What’s the best practice to combine these authorisation ?

authenticate(AuthorizeFor.ManageCourse, AuthorizeFor.ManageSubject){
     post("/enroll-student") {...}
}

Is this ok ?

authenticate(AuthorizeFor.ManageCourse, AuthorizeFor.ManageSubject,AuthorizeFor.ManagePauta,AuthorizeFor.ManageBatch,AuthorizeFor.ManageAdmin)