I followed this tutorial for setting Autlogic up properly. So, my site needs a form of level, like "Admin", "Moderator", "User", "Guest". So Admins can do everything, where Moderators may not can make site changes. And Users can't destroy, Update or Create.
You need an authorization framework like cancan or declarative_authorization for that.