Using the request/response cycle as a guide, here’s how authorization fits in:

  1. The browser makes a request for a URL.
  2. The request hits the Rails router.
  3. Before the router sends the request on to the controller action, the app determines whether the user has access permission by looking at the user’s role.

What is a role? A role is a way to manage what parts of a site a user has access to. A user’s role is specified in the database.
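The role check in step 3, as an added example in plain Ruby (it is not Rails code and not part of the original lesson). The `User` struct, the `ROUTES` table, the role names and `dispatch` are assumptions made for illustration. The check denies by default, so a user whose `role` is empty or unrecognized is refused.

```ruby
# Added illustration: a plain-Ruby model of the request cycle with a role check.
# User, ROUTES, the role names and dispatch are hypothetical, not a Rails API.
User = Struct.new(:email, :role) # role mirrors the string column on users

# Constructed sample routes: each lists the roles allowed to reach its action.
ROUTES = {
  "/posts"       => { roles: %w[reader editor admin],
                      action: ->(u) { "posts index for #{u.email}" } },
  "/posts/new"   => { roles: %w[editor admin],
                      action: ->(u) { "new post form for #{u.email}" } },
  "/admin/users" => { roles: %w[admin],
                      action: ->(u) { "user list for #{u.email}" } }
}.freeze

# Deny by default: only an exact match against the route's allow-list passes.
# A nil role (e.g. rows that existed before the column was added) or a
# misspelled/mis-cased value such as "Admin" is refused.
def authorized?(user, route)
  return false if user.role.nil?
  route[:roles].include?(user.role)
end

# Steps 2 and 3: find the route, check the role, then run the action.
def dispatch(path, user)
  route = ROUTES[path]
  return [404, "not found"] unless route
  return [401, "sign in required"] if user.nil?
  return [403, "forbidden"] unless authorized?(user, route)
  [200, route[:action].call(user)]
end

if __FILE__ == $0
  # Constructed sample users
  users = [User.new("admin@example.com", "admin"),
           User.new("reader@example.com", "reader"),
           User.new("legacy@example.com", nil)]
  users.each do |u|
    status, body = dispatch("/admin/users", u)
    puts "#{u.email} (role=#{u.role.inspect}) -> #{status} #{body}"
  end
end
```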



Let’s begin building an authorization system by adding a role column to the users table.

Open the migration file for the users table in db/migrate/, and add the following column:

  • a string column called role

Run the migration to update the database with the users table.
