Authorization system recommendations

Good morning.

Our application has grown to the point where a more robust authorization system is needed. What Rails plugins or Ruby gems do you recommend?

Our needs include:

- defining multiple user roles which can use parts of the application in different ways - easy maintenance (preferably no generators or systems requiring manual code updating after initial install)

We are already using authlogic for authentication.



Hello Evan,

I've posted a similar question few days ago ( ). Unfortunately there weren't any answers yet. So, by now I recommend you to take a look at the "rails-authorization-plugin" from Writertopia ( writertopia ), it can can supply your needs for sure.

Last but not least, I also suggest you to keep looking at Ben Johnson's site where recently has been posted some exciting news about the future of Authlogic ( future-of-authlogic-add-ons). There you'll see something about the add- on nr. 5. Maybe you can wait for its release. I confess I'm looking forward to it.




Thanks for pointing out your post. I'm looking at the Authorization plugin now.

After several more hours of research I've found a couple of resources that might help you, as well.

A good, comparative overview of lots of authorization plugins

Declarative Authorization plugin – well-designed authorization system that abstracts authorization declarations from application code