Generally, what you’ve done is authentication, and what you are seeking is authorization. You can either implement it yourself or use a gem like CanCan (Devise is not an option here, because it handles the part you’ve already done, the authentication part). Using CanCan seems like the easiest option: it does not dictate how your authentication should be handled, so it’s really easy to adopt.
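The "implement it yourself" route, sketched as an added example that is not part of the original answer and is plain Ruby rather than CanCan's API: an authorization layer that receives an already-authenticated user (or `nil` for a guest) and denies anything no rule allows. `User`, `Article`, `Ability`, `NotAuthorized` and `authorize!` are hypothetical names, and the sample records are constructed.

```ruby
# Authorization only: how `user` was authenticated is decided elsewhere.
User    = Struct.new(:id, :role)
Article = Struct.new(:id, :author_id, :published)

class NotAuthorized < StandardError; end

class Ability
  def initialize(user)
    @rules = [] # deny by default: no matching rule means no access
    # Anyone, including guests (user == nil), may read published articles.
    allow(:read, Article) { |a| a.published }
    return if user.nil?

    # Authenticated users may read and update their own articles.
    allow(:read, Article)   { |a| a.author_id == user.id }
    allow(:update, Article) { |a| a.author_id == user.id }
    # Admins may do anything to any article.
    %i[read update destroy].each { |act| allow(act, Article) } if user.role == :admin
  end

  # True only if a rule matches the action, the resource class and its condition.
  def can?(action, resource)
    @rules.any? do |act, klass, cond|
      act == action && resource.is_a?(klass) && (cond.nil? || cond.call(resource))
    end
  end

  private

  def allow(action, klass, &cond)
    @rules << [action, klass, cond]
  end
end

# Guard to call at the top of a controller action, before touching the record.
def authorize!(user, action, resource)
  raise NotAuthorized, "not authorized to #{action}" unless Ability.new(user).can?(action, resource)
  true
end

# Constructed sample data.
ALICE = User.new(1, :author)
BOB   = User.new(2, :author)
ROOT  = User.new(3, :admin)
DRAFT = Article.new(10, 1, false) # unpublished, written by ALICE
```

Because the check takes the resource itself, it also covers the case where a logged-in user requests another user's record by id.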