Current state of login/authentication engines?

Hello list,

I’m trying to get my head around the current state of the various
login/authentication engines, and can’t get a clear view of what the
available options are, how stable/robust they are, and what are the
pros/cons/capabilities of each.

The specific problem I’m trying to solve is this: I’ve got a bunch of
users, who will need to be authenticated and assigned roles (e.g.
Administrator, User, …) and only for specific parts of the system
(e.g. AccountsPayable, AccountsReceivable, GeneralLedger). No, I’m
not making an accounting system, but this is the simplest analogy I
could think of to describe the login/authentication I need.

A user may be an Administrator for AccountsPayable, but have no rights
whatsoever for GeneralLedger. In other words, I need to be able to
restrict their access not only on a role basis, but also on a “which
part of the system” basis. I don’t want to mix the two and create
roles such as GeneralLedgerAdministrator, because that doesn’'t give
me the scalability and flexibility I know I’m going to need later on.

Is there a login/authentication engine that I can just drop in to do
this (unlikely), or is there one that could be tweaked to provide this
functionality relatively easily?

Thanks in advance for any assistance

Dave M.

David M. wrote:

Of all the login/user systems out there the login_engine / user_engine
system is the closest to what you need. It can restrict access to
specific controller/action pairs based on roles, which sounds pretty
close to what you want.

It does not offer any support for checking permissions for specific
records, however, so if you need that you will have to do some checking


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs