I think you need create another table:
def change
create_table :access_restricts do |t|
t.integer :user_id
t.integer :application_id
t.integer :role_id
t.timestamps
end
end
User and application will have many assess_restricts.