Giving default access to superusers

henning-koch edited this page Sep 13, 2010 · 3 revisions

Most applications have some sort of superuser for maintenance and support. For such cases it is useful to define a role that is always allowed access by default:

role :admin, :default_permission => :allow

Since the default permission of admins is set to :allow, you do not have to explicitely give admins permission. You can however take away permission for selected actions:

action :change_privacy_settings do
  deny :admin
end