I'll come out and say I'm against this, but I need to make sure I'm not the only one.
Currently permissions are assigned to roles within the
ability.rb class. This is mostly on a blanket basis, e.g.
can :manage, :all if user.has_role? :admin. It's unlikely these would need to change unless a new model was created that required some form of access by someone lower down the administrative tree - and if you're creating a new model you're in the code anyway.
Umm, so yeah.