metautonomo.us

Confounding URL typists since 2007.

Monthly Archives: September 2008

Easy Role-Based Authorization in Rails

Once user authentication has been added to your Rails app, authorization isn’t far behind. In fact, very basic authorization functionality exists the moment you implement user authentication. At that point, users who are logged in will have authorization to access areas of your application that others do not. The next common step is to add a boolean attribute to the User model to track whether a user is a "normal" user or someone who should have access to administer the application as well, yielding a convenient syntax like ?.

Adding an attribute to track a user’s administrator status may well be enough for a simple application, but at some point you will want something more flexible. After all, you don’t want to go adding a new column to your user table for every single possible authorization level, do you? Here’s one very easy way to handle things.

Filed under Blog
Sep 30, 2008