Architecting a Roles & Permissions System Using Rails, GraphQL & React We recently rolled out our own permissions system within the Atrium platform. Below is how we did it, along with some general thoughts on permissions. In this post: Goals for our permissions system Naming conventions Why permissions should be positive Bundling permission sets into roles Do authorization checks on the permission