The .NET framework supports a role-based authorization model, and CSLA .NET is built on top of that model. However, it is possible to implement a more granular level of permission-based authorization on this model as well.
- Here's a forum thread with good information.
- Here's one of Rocky's blog posts on the topic.