1. Authorizations systems and Be9's Acl 9

4. Naïve – checks flags without knowledge of user relationships

5. Easier administration

7. Relationships are recorded by the object.

8. Highly secure due to permissions being explicity declared.

9. Requires a large amount of administration.

11. Roles allow for meaningful grouping of actions and objects.

14. Implemented early it's easy to add them and will better define your thinking about the application.

15. Lets you know which parts of the site need polishing up for external users etc.

17. A good portion of the time you just need a few global roles.

20. Provides syntax and handlers for relating roles to objects and actions.

21. Consistently deal with roles and relations.

22. Multi-table solution allows system to apply roles to objects or classes quickly.

24. Get some kind of authentication system that includes current_user.

25. Setup database create_table "roles", :force => true do |t| t.string "name", :limit => 40 t.string "authorizable_type", :limit => 40 t.integer "authorizable_id" t.datetime "created_at" t.datetime "updated_at" end create_table "roles_users", :id => false, :force => true do |t| t.integer "user_id" t.integer "role_id" t.datetime "created_at" t.datetime "updated_at" End Don't forget indexes.

27. acts_as_authorization_object

29. :default_subject_class_name => 'User',

30. :default_subject_method => :current_user,

31. :protect_global_roles => true

36. user.roles_for(object)

41. Allow :manager, :of => @widget, :to => :edit

42. :of is aliased lots for more gooder english. You can use: :of, :at, :on, :by, :for, :in

45. Methods must return true or false.

47. Often worth catching these conditionally in the controller for specific access problems and then raising to a generic block in the application_controller.