Have "access management" plugin?

Hi, everyone:
I am now considering of the access function in my website app. For
example, the normal user can only modify and destory his own comments,
threads & uploaded attachments; user can choose hide his comment to
public or show it outside. Of course, later on it will have some more
access-restricted fucntion and path.
Does anyone have the experience in Rails about this?
Appreciate any of your reply!