Chiming in to recommend it too! The policies are really good too, for instance this is one from our code base:

    policy action(:invite_user) do
      forbid_unless actor_attribute_equals(:role, :admin)
      authorize_if {App.Checks.OnlyAllowedRoles, roles: [:student, :parent]}
    end

And what's nice is that these policies apply for both the API and the frontend code without having to do anything extra :)