So far we've seen how to build an authentication system that lets users sign up, log in, and log out.
In addition to authentication, many web apps have a way to give specific users permission to access certain parts of the site. For example, a blog would give only its authors permission to access the editing and publishing parts of the site. Permissions are defined with an authorization system.
Let's create an authorization system for a recipe website built with Rails.