You can use config.on_unauthorized_access config option as described here.

# You can also specify a method to be called on unauthorized
# access. This is necessary in order to prevent a redirect
# loop that can happen if a user tries to access a page they
# don't have permissions for
# (see [#2081](https://github.com/gregbell/active_admin/issues/2081)).
config.on_unauthorized_access = :render_403

The method access_denied would be defined in application_controller.rb. Here is one example that redirects the user from the page they don't have permission to access to a resource they have permission to access (organizations in this case), and also displays the error message in the browser:

class ApplicationController < ActionController::Base

 def access_denied(exception)
   redirect_to admin_organizations_path, :alert => exception.message
 end

end

I had the same error, and I have an admin user with:

if user.admin?
  can :manage, :all
end

I just forgot to add the correct role to this user, so maybe someone will have the same infinite redirect loop as me with ActiveAdmin and Cancan.

If the user does not have access to a page, ActiveAdmin redirects to the Dashboard. If the user doesn't have access to the dashboard, this results in an infinite redirect.

Solution is to give the user the ability to read the dashboard page. Place this in the ability model object:

can :read, ActiveAdmin::Page, :name => "Dashboard"

This is mentioned in the authorization adapter documentation, but the infinite redirect seems to be caused by a bug in ActiveAdmin. It is neither raising a CanCan::AccessDenied, nor displaying an message to the user. At the least, it should display a message in development to help troubleshoot this issue. But it does not currently.