Authorization and Role-Based Access Controls

Learn about authorization and role-based access controls in our Rails application.

We'll cover the following

Map resources and actions to job titles and departments

In most organizations, the authentication mechanism is driven by product and business concerns, and the decision around what method to use is typically easy to make. Authorization—the mapping of what users can perform what actions—is often much more complicated.

If we are building software to be used by employees of the company or a software-as-a-service product intended for knowledge workers, there will often be a myriad of features available, some of which control highly sensitive or potentially dangerous functions.

Get hands-on with 1200+ tech skills courses.

Prologue

Getting Started

The Rails Application Architecture

Start Our App Off Right

Business Logic

Routes and URLs

HTML Templates

Helpers

CSS

Minimize JavaScript

Carefully Manage the JavaScript We Need

Testing the View

Models I

The Database

Business Logic Code is a Seam

Models II

End-to-End Testing

Controllers

Jobs

Other Boundary Classes

Authentication and Authorization beyond Rails

API Endpoints

Sustainable Process and Workflows

Operations

Conclusion

Appendices

Authorization and Role-Based Access Controls