I like the simplicity of Pundit gem and I would like to make policies dynamic by storing them to database.

Basically I'm looking for a way to be able to change policies without need to redeploy the application.

1st way

Pundit policy is pure ruby code, so if you don't want to keep code inside database and evaluate it dynamically, I'd say the answer is no. It's unsafe. You may give it a go, though.

2nd way

But nothing prevents you from creating model which keeps rules in simple json and compare them using Pundit, e.g.:

class PostPolicy < ApplicationPolicy
  def update?
    access_setting = PolicySetting.find_by(key: self.class_name)
    user.role.in?(access_setting['roles'])
  end
end

Of course, complexity and flexibility of the tool directly depends on each other.

3rd way

Is just work around. You may set you authorisation project apart from the main one, so that it's deploys (zero-downtime, of course) would not affect the main big project.

4th way

Create your own DSL to be stored in Database

5th way

Use something like json-logic-ruby to store logic in database