It seems you are talking about PicketLink Permission Management and API. Basically, permissions are a compound of assignee:resource:actions. Where assignee can be a role, group or an user. Resource can be a string representing a page, for instance. And actions can be create, update, delete, etc.
Basically, what you need is configure PL to your project. That requires a very few steps and minimal configuration to your project. Please, look at the quickstarts. You also need to create your identities and assign permissions to them using the PermissionManager bean (which can be injected in any other bean you want). Once everything is done, you can use the permission methods from the Identity bean to check for permissions. The Identity bean is marked with @Named, which means you can access it in your JSF pages, for example.
Did you take a look at this quickstart  ?