%table.table %tr %th Name %td= @ability.name %tr %th Description %td= @ability.description .row .col-sm-8 %h2 Allowed actions %table.table - @ability.permissions.each do |perm| %tr %td= perm.allowed_action = link_to 'Edit', edit_ability_path(@ability), :class => 'btn btn-mini' if is_allowed_to?(@ability, :edit) .col-sm-4 #abilities_explanation.help_text.well.small.text-muted %p Allowed actions are specified as follows: %ul %li %pre posts[index, show] %ul %li Only the things that are explicitly specified are allowed. This declares that on the %tt PostsController only %tt index and %tt show are allowed. %li %pre *[index, show, report] %ul %li We also allow wild-cards. Instead of a controller-name, we could write %tt * which would mean the specified actions would apply to all controllers. %li %pre posts[all] %ul %li If we write %tt all instead of a specific action or list of actions, then all actions are allowed for a given controller. In this case a user has the ability to access all actions inside the posts_controller. %li %pre *[all] %ul %li By extension, this means a user has the ability to access all actions from all controllers. %p When abilities are assigned (authorisation), it is possible to specify the extent of the ability. What this means depends on your website, but in case of e.g. a blog-host (like blogger), this means that a %tt author 's permissions could only be valid on those blogs he owns or has access to.