Authorization system recommendations

Good morning.

Our application has grown to the point where a more robust
authorization system is needed. What Rails plugins or Ruby gems do you

Our needs include:

  • defining multiple user roles which can use parts of the application
    in different ways
  • easy maintenance (preferably no generators or systems requiring
    manual code updating after initial install)

We are already using authlogic for authentication.



Hello Evan,

I’ve posted a similar question few days ago (
). Unfortunately there weren’t any answers yet. So, by now I recommend
you to take a look at the “rails-authorization-plugin” from
Writertopia ( writertopia ),
it can can supply your needs for sure.

Last but not least, I also suggest you to keep looking at Ben
Johnson’s site where recently has been posted some exciting news about
the future of Authlogic (
future-of-authlogic-add-ons). There you’ll see something about the add-
on nr. 5. Maybe you can wait for its release. I confess I’m looking
forward to it.




Thanks for pointing out your post. I’m looking at the Authorization
plugin now.

After several more hours of research I’ve found a couple of resources
that might help you, as well.

A good, comparative overview of lots of authorization plugins

Declarative Authorization plugin – well-designed authorization system
that abstracts authorization declarations from application code