Welcome to Working With Rails


Strategies for authorization
6 Posts

Hi folks

We're having a debate at work over approaches to authorization, specifically whether to use a home-grown system or an existing Rails plugin.

Issues of requirements aside, I'm interested in finding out what approaches are in common use in the community. I have a particular preference myself, which I won't mention for fear of weighing the topic one way or another, so I'd just like to ask:

What authorization system do you use?

Any advice appreciated.

Cheers Tom

Just started playing with restful_authentication along with the aasm plugin... after recent projects where we created our own authentication. restful_authentication gave me in a single command what otherwise might have taken a half day or day of coding. Would be interested in the "why nots" of using it given it seems highly customizable. I guess the key is to make sure those debating the approaches fully understand any plugins you are considering.

I always try to not reinvent wheels. The restful_authentication plugin is very good and well tested. It can also be easily customized. There are also benefits to using something that's open source vs. something you've grown yourself.

Thanks for the replies folks.

I should have been a bit clearer in my original post. We currently use restful_authentication for authenticating users but we're struggling a bit over authorization - i.e. which users can do what in the system.

We originally used the authorization plugin, the latest version of which can be found here: http://github.com/DocSavage/rails-authorization-plugin/tree/master

I kinda liked this but it got removed because it didn't allow dynamic creation of roles and reassigning permissions to controller actions. It was replaced with a home-grown system that has its own problems and that I'm now advocating should be replaced. One option is the original authorization plugin, but there are a few similar plugins available. I'm keen to know how other people are coping with this sort of problem, what sorts of permissions schemes people find useful and if there's anything in particular that's gaining traction in the Rails community.

Cheers Tom


You may find Lockdown useful (http://stonean.com/wiki/lockdown); it provides both authentication and authorization.


I have used the authlogic plugin (http://github.com/binarylogic/authlogic/tree/master).

It is "a clean, simple, and unobtrusive ruby authentication solution."

I used restful_authentication for many projects, but in the last projects I tried authlogic.

Today, I prefer authlogic to restful_authentication.

