Been using Devise for a number of projects, happy with the authentication process.
CanCan (thanks Ryan Bates) allows role-based permission management. Once you understand how things work together, it’s quite easy to set up and test.
Found these blog posts helpful.
There are a few gaps, though, that are filled in here.