It almost seems inevitable that you have a project that has authentication (such as Authlogic) and have bolted some role based implementation on to it. Then the product owner starts request various authorization schemes for those roles. Normally, this is where you start to pull your hair out, but with CanCan many of these problems go away. It implements a simple authorizations solution to restrict what a give user is allowed to access.
Want to get started? Watch the Screencast.