Rails Authorization and Authentication

Some developers confuse the terms Authentication and Authorization. At first, I also kind of lumped them both in the same bucket. Eventually, I figured out the differences, and wanted to address the issue here to help clarify things a bit.

User *authentication* is looking them up in the Users database to ensure they have an account in your system.

User *authorization* is a system of determining what areas of your app the User can access once they are authenticated into the site. 

I use two popular Rails gems that pretty much give you a drop-in solution for authentication and authorization. Devise is a Rails gem for User Authentication, and CanCan (by Ryan Bates of RailsCasts fame) is for User Authentication.
I ran across these great articles on another blog that describes using Rails and CanCan together:

Article 1: Getting Started with Devise and CanCan The article includes very detailed steps and code samples for both Devise and CanCan. 

Article 2: Devise and CanCan – Restful Resources for Administrators

You can also read my blog post about Getting started with Devise, which includes lots of other helpful Devise links to get you started.

Leave a Reply

Your email address will not be published. Required fields are marked *