Lesson Tuesday

In the last lesson, we learned how to implement basic user authorization using Devise. However, there are also several excellent gems that specialize solely in authorizing users and managing user permissions.

This lesson will provide an introduction to two popular and vetted gems that help implement authorization into Rails applications. When you feel comfortable with the new authentication concepts introduced in this course section, including basic authorization with Devise, you're encouraged to explore authorization further.

Rails Admin

The Rails Admin gem provides an administrative dashboard for applications and also makes adding, editing and destroying objects in your database much easier. It’s highly recommended and easy to set up. Active Admin is another option worth trying.

CanCanCan

The CanCanCan gem creates an Ability class where user permissions can be defined. The convenience of this gem isn’t as obvious with a small application that authorizes only users and admins, but many applications have more complex levels of user permissions.

Imagine, for example, a newspaper site. Unregistered users might have access to read limited content while subscribers might have access to all content. Moderators can add, edit and delete comments while editors can add, edit and delete articles. Only the subscriptions department can add, edit and delete subscribers, while only the HR department can add, edit and delete moderators and editors. These complex user permissions would quickly become difficult to manage without a tool like CanCanCan.
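The newspaper permissions above, as an added example that is not part of the lesson or of the CanCanCan gem itself: a small hand-rolled Ability class in plain Ruby that mirrors the gem's can / can? vocabulary (deny by default, :manage covering every action), with Article, Comment, Subscriber and Staff as constructed stand-ins for the site's models.

```ruby
# Added example, not code from the lesson or the CanCanCan gem: a stand-in
# that mirrors the shape of a CanCanCan Ability class (can / can? / :manage)
# so the newspaper rules can be read and run without the gem installed.
Article    = Struct.new(:premium)        # constructed model stand-ins
Comment    = Struct.new(:body)
Subscriber = Struct.new(:name)
Staff      = Struct.new(:name, :role)    # role: :moderator or :editor

class Ability
  # role is a symbol such as :subscriber; nil means an unregistered visitor.
  def initialize(role)
    @rules = []                           # empty table = deny by default
    define_rules(role)
  end

  # Grant an action (or :manage, meaning every action) on a subject class.
  # An optional block narrows the grant to individual records.
  def can(action, subject, &condition)
    @rules << [action, subject, condition]
  end

  # True only when some rule matches the action, the subject's class and,
  # when a record rather than a class is checked, the rule's condition.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject, condition|
      (rule_action == action || rule_action == :manage) &&
        rule_subject == klass &&
        (condition.nil? || subject.is_a?(Class) || condition.call(subject))
    end
  end

  private

  def define_rules(role)
    if role.nil?
      can(:read, Article) { |a| !a.premium } # visitors: limited content only
      return
    end
    can :read, Article                      # every registered role
    case role
    when :moderator     then can :manage, Comment
    when :editor        then can :manage, Article
    when :subscriptions then can :manage, Subscriber
    when :hr            then can :manage, Staff
    end                                     # :subscriber reads, nothing more
  end
end
```

Because the table starts empty, any action no rule mentions is refused, which is the property you want an authorization layer to have by default.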

Further Exploration

Try adding additional user permissions to your sites and implementing CanCanCan.

Both of these Rails gems are extremely popular and well-documented. They also showcase one of the Rails framework’s greatest strengths: the ability to quickly build out and scale up an application, adding administrative and authorization functionality with very little additional code.

Lesson 17 of 27
Last updated July 14, 2022