Please read for an updated status on RailsCasts:
Learn more or hide this
GitHub User: igambin
I think you are confusing authentication and authorisation.
Authentication is only to make sure you are who you claim to be logging on.
You are talking about authorization which defines if you are allowed to access determined parts of an application/data.