Hi folks,

I'm trying to implement an authorization system with users, roles and permissions. Each user can have multiple roles, each role multiple permissions and users can have multiple 'snowflake' permissions as well.

This is my migration schema:

############################
create_table "permissions", :force => true do |t|
  t.string   "name"
  t.string   "controller"
  t.boolean  "c"
  t.boolean  "u"
  t.boolean  "d"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "permissions_roles", :force => true do |t|
  t.integer "role_id"
  t.integer "permission_id"
end

create_table "roles", :force => true do |t|
  t.string   "name"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "roles_users", :force => true do |t|
  t.integer "user_id"
  t.integer "role_id"
end

create_table "snowflakes", :force => true do |t|
  t.integer  "user_id"
  t.integer  "permission_id"
  t.datetime "due_date"
  t.datetime "created_at"
  t.datetime "updated_at"
end

create_table "users", :force => true do |t|
  t.string "login", :null => false
  t.string "crypted_password", :null => false
  ...
end
############################

As you can see, the user->role->permission-path is solved with has_and_belongs_to_many connections and the user->permission-path with has_many, :through snowflakes connections.

What is the best way to authorize a user? I have various ideas, but I don't know how to implement them in Rails and which of them are the best in case of performance and security. I thought of a prepared statement with all permissions by user or an array with all permissions stored and cached. But I don't know how I can do something like array.find_by_controller().

Can anybody help me with a clean and straight solution for that problem?

Thank you very much in advance!

Pat
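One way to do the cached, per-controller lookup the post asks about, as an added example that is not part of the original post. Plain Ruby structs stand in for the ActiveRecord models, and it assumes that `due_date` is an expiry for a snowflake grant, that a nil `due_date` means no expiry, and that flags from several rows for the same controller are ORed:

```ruby
# Added example: structs stand in for the models; names below are hypothetical.
Permission = Struct.new(:name, :controller, :c, :u, :d)
Role       = Struct.new(:name, :permissions)
Snowflake  = Struct.new(:permission, :due_date)
User       = Struct.new(:login, :roles, :snowflakes)

ACTIONS = [:c, :u, :d].freeze

# Builds { controller => { c:, u:, d: } } from role permissions plus the
# snowflakes whose due_date has not passed (assumption: due_date = expiry,
# nil = never expires). Flags for the same controller are ORed together.
def effective_permissions(user, now = Time.now)
  live  = user.snowflakes.select { |s| s.due_date.nil? || s.due_date > now }
  perms = user.roles.flat_map(&:permissions) + live.map(&:permission)
  index = Hash.new { |h, k| h[k] = { c: false, u: false, d: false } }
  perms.each do |p|
    # Only a literal true grants; nil (NULL column) counts as false.
    ACTIONS.each { |a| index[p.controller][a] ||= (p[a] == true) }
  end
  index.default_proc = nil      # lookups must not create entries later
  index.each_value(&:freeze)
  index.freeze
end

# Deny by default: unknown controller or unknown action is refused.
def allowed?(index, controller, action)
  return false unless ACTIONS.include?(action)
  entry = index[controller]
  !entry.nil? && entry[action] == true
end

# Constructed sample data.
NOW    = Time.utc(2024, 1, 15)
EDITOR = Role.new("editor",
                  [Permission.new("edit articles", "articles", true, true, false)])
PAT = User.new("pat", [EDITOR], [
  # still valid on NOW: adds delete on articles
  Snowflake.new(Permission.new("delete articles", "articles", false, false, true),
                Time.utc(2024, 2, 1)),
  # already expired on NOW: must grant nothing
  Snowflake.new(Permission.new("manage users", "users", true, true, true),
                Time.utc(2024, 1, 1))
])
INDEX = effective_permissions(PAT, NOW)
```

A cached index has to be rebuilt whenever roles or snowflakes change and no later than the earliest snowflake `due_date`, otherwise an expired grant keeps working.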