Authorization gem for Rails using a central ability.rb file that defines rules and permissions per user role and resource. Provides separation of concerns (authorization logic in one place) and integrates with controllers (authorize method) and views. Criticized for not scaling: the ability file grows unmanageable (production ability files reach thousands of lines), and permissions become interdependent and hard to refactor.