So I got CanCan and Devise working well. I have two types of users: Admins and Nonadmins. Admins can view ALL appointments from the same Account or Organization. The problem is, every user (either Admin or Nonadmin) belongs to an Account or Organization. Admins should only be able to view appointments from their own Account or Organization. Can''t get it to do it. Every appointment has an account_id Every user has an account_id So this is what I have on ABILITY.RB ----------------------------------- can :read, Appointment do |appointment| appointment.try(:account_id) == user.account_id end ----------------------------------- But I keep on getting Access Denied error. whyyyy? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.