Dec 25, 2010 - 1 minute

Rails: Implementing fine grained ACLs while staying DRY

There don’t seem to be any ‘dynamic’ ACL modules for Rails (CanCan is kind of there, but not quite). I want to be able to modify permissions on the fly, preferably from an administration page.

This is done simply with a Role table and a few methods in application_controller and your User model. You can then check the serialized Role hash {"foo" => ["edit", "update"]} by calling current_user.can?("foo", "edit"), which tells you whether the user can edit the foo object.
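A minimal sketch of the check described above, added here as an example and not the author's code: plain Ruby objects stand in for the Role table and User model, and the names grant, revoke, allows?, AccessDenied and authorize! are assumptions. It denies by default, treats "foo" and :foo as the same key, and picks up permission changes made at runtime.

```ruby
# Added example: plain-Ruby stand-ins for the Role table and User model.
# In a Rails app, Role would be a model whose permissions column holds the
# serialized hash (assumption; the post does not show its schema).
class Role
  attr_reader :name, :permissions

  def initialize(name, permissions = {})
    @name = name
    @permissions = {}
    permissions.each { |resource, actions| actions.each { |a| grant(resource, a) } }
  end

  # Resources and actions are normalized to strings so "foo" and :foo match.
  def grant(resource, action)
    (@permissions[resource.to_s] ||= []) << action.to_s
    @permissions[resource.to_s].uniq!
  end

  def revoke(resource, action)
    @permissions.fetch(resource.to_s, []).delete(action.to_s)
  end

  def allows?(resource, action)
    @permissions.fetch(resource.to_s, []).include?(action.to_s)
  end
end

class AccessDenied < StandardError; end

class User
  attr_reader :roles

  def initialize(roles = [])
    @roles = roles
  end

  # Default deny: true only if some role explicitly lists the action.
  def can?(resource, action)
    roles.any? { |role| role.allows?(resource, action) }
  end
end

# Hypothetical controller-side guard, e.g. called from a before filter.
# A missing user (not logged in) is denied like any other failed check.
def authorize!(user, resource, action)
  raise AccessDenied, "#{action} on #{resource} denied" unless user&.can?(resource, action)
  true
end
```

Because can? reads the role's hash on every call, a grant or revoke made from an administration page takes effect on the next request without redeploying.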
