I've done what you're trying to do, and your routes look right.

You need to also create a UsersController that handles all of the CRUD actions you want to perform on users. This is separate from Devise.

When your UsersController is there, you can only allow admin users access to particular actions by redirecting (perhaps in a before filter) if the current_user is not an admin.

Devise is great for user authentication but it does not come with built in support for managing users. So you'll have to build that yourself.

Here's an example of how to do it. The example is a few months old but it should point you in the right direction.

I've had to do this as well, and it's not currently built into devise. Since the answer most upvoted has a dead link, I thought I'd post my solution here.

You need to create a UsersController and built out your forms and controller on your own, but then you also need to isolate the UsersController that devise sets up. To do this, in your routes.rb file, modify your devise_for :users call to

devise_for :users, :path_prefix => 'd' # routes for devise modules on User

resources :users # custom admin-type CRUD for users

This will change all your default devise-handled routes to /d/users/... and let you have the /users/... path to let you manage users as an admin.

Devise also addresses this in their wiki.