The reason why you're probably seeing lots of Role-based solutions is
because that's a much more maintainable solution in the long run.
Rather than giving rights to individuals and having to manage each
individual across an organization you can set up a handful of templates
(roles) with different levels of authorization to an application's feature
Then you can just see whether a user is in that role or not as to
whether he can do a certain action.
I know it doesn't help your question as directly as you probably want,
but I would highly recommend using a similar solution.