diff --git a/Gemfile b/Gemfile
index 28de950..d53a377 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,6 +13,8 @@ gem 'devise'
 gem 'omniauth'
 gem 'omniauth-kerberos'
+gem 'cancan'
+
 
 
 # Gems used only for assets and not required
 # in production environments by default.
diff --git a/Gemfile.lock b/Gemfile.lock
index 6987ab4..fd18da1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -47,6 +47,7 @@ GEM
       slim (~> 1.3.6)
       terminal-table (~> 1.4)
     builder (3.0.4)
+    cancan (1.6.9)
     coderay (1.0.9)
     coffee-rails (3.2.2)
       coffee-script (>= 2.2.0)
@@ -187,6 +188,7 @@ DEPENDENCIES
   better_errors
   binding_of_caller
   brakeman
+  cancan
   coffee-rails (~> 3.2.1)
   devise
   jquery-rails
diff --git a/app/controllers/alerts_controller.rb b/app/controllers/alerts_controller.rb
index 47d7ec7..f6f11fa 100644
--- a/app/controllers/alerts_controller.rb
+++ b/app/controllers/alerts_controller.rb
@@ -1,5 +1,6 @@
 class AlertsController < ApplicationController
   before_filter :authenticate_user!
+  load_and_authorize_resource
   # GET /alerts
   # GET /alerts.json
   def index
@@ -13,7 +14,7 @@ class AlertsController < ApplicationController
   # GET /alerts/1
   # GET /alerts/1.json
   def show
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])
 
     respond_to do |format|
       format.html # show.html.erb
@@ -33,7 +34,7 @@ class AlertsController < ApplicationController
 
   # GET /alerts/1/edit
   def edit
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])
   end
 
   # POST /alerts
@@ -54,7 +55,7 @@ class AlertsController < ApplicationController
   # PUT /alerts/1
   # PUT /alerts/1.json
   def update
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])
 
     respond_to do |format|
       if @alert.update_attributes(params[:alert])
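Review bot: The `@alert = Alert.find(params[:id])` lines that replace the scoped finds in the show, edit and update hunks (and in the destroy hunk on the next line) are redundant once `load_and_authorize_resource` is declared: for member actions CanCan's before filter has already set `@alert` from `params[:id]` and checked it against `Ability`, so these lines only repeat the query and can be deleted. Note that the failure mode changes: a user asking for someone else's alert id used to get `ActiveRecord::RecordNotFound` (a 404) from the `user_alerts` scope and now gets `CanCan::AccessDenied`, which the ApplicationController hunk turns into a redirect, so a missing id and a foreign id become distinguishable to the caller. If that distinction matters, the handler can answer `Alert` denials with a 404 instead. The bodies of `index`, `new` and `create` are outside the hunk; as far as I recall CanCan 1.6, the filter assigns `@alerts = Alert.accessible_by(current_ability)` but a later assignment inside `index` overrides it, and because `can :create, Alert` carries no `user_id` condition nothing stamps the owner, so `create` must still set `@alert.user_id = current_user.id` itself — worth confirming both.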
@@ -68,7 +69,7 @@ class AlertsController < ApplicationController
   # DELETE /alerts/1
   # DELETE /alerts/1.json
   def destroy
-    @alert = Alert.user_alerts(current_user.id).find(params[:id])
+    @alert = Alert.find(params[:id])
     @alert.destroy
 
     respond_to do |format|
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e8065d9..d26dda4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,8 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
+
+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:error] = "Access denied."
+    redirect_to root_url
+  end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
new file mode 100644
index 0000000..090b907
--- /dev/null
+++ b/app/models/ability.rb
@@ -0,0 +1,12 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    user ||= User.new
+
+    can :read, Alert, :user_id => user.id
+    can :create, Alert
+    can :update, Alert, :user_id => user.id
+    can :destroy, Alert, :user_id => user.id
+  end
+end
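Review bot: The handler always answers `CanCan::AccessDenied` with an HTML flash and a redirect, but AlertsController serves `.json` too (`# GET /alerts/1.json`, `# PUT /alerts/1.json` in the hunks above), so a denied API request gets a 302 to `root_url` and a flash nobody renders instead of a 403. Branch on the request format, and either drop the unused `exception` block parameter or use it; a `logger.warn` line on the denial is also cheap and makes repeated denials from one session visible in the logs. The enclosing class is fully visible in the hunk, so the rewrite below is the whole handler.
```ruby
  rescue_from CanCan::AccessDenied do |exception|
    # Keep a trail: a burst of denials from one session is something the
    # log reviewer wants to see, and request.path avoids logging query tokens.
    logger.warn "CanCan::AccessDenied: #{exception.message} (#{request.method} #{request.path})"
    respond_to do |format|
      format.html do
        flash[:error] = "Access denied."
        redirect_to root_url
      end
      format.json { render :json => { :error => "Access denied." }, :status => :forbidden }
      format.any { head :forbidden }
    end
  end
```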
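Review bot: `user ||= User.new` hands an unauthenticated caller a `User` whose `id` is `nil`, and the three ownership rules then become `:user_id => nil`, so `can?` and `accessible_by` would match any `Alert` row whose `user_id` is NULL; AlertsController's `authenticate_user!` keeps that path unreachable today, but the ability is global and the gap reappears wherever this class is consulted without a signed-in user. Only grant the owner rules when there is an id to compare against, e.g. replace the three conditional `can` lines with `can [:read, :update, :destroy], Alert, :user_id => user.id unless user.id.nil?`. A short class comment stating that `nil` means a guest and that `:create` is deliberately unconditional, so the controller has to stamp `user_id` itself, would make the contract explicit for the next reader.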