In earlier chapters, you learned how to use Devise for authentication. We are requiring our users to sign in before accessing several pages in our app. However, in many scenarios, authentication is not enough. We need to implement access authorization as well.

To put it simply, access authorization is concerned with who can do what, who can access what, or who can see what. For instance, a user can set their profile to private, which limits their timeline only to their followers. This is authorization.

In this chapter, let’s see how we can implement access authorization using Bali. In the process, we will also ...