Several changes were made to the node access system and permission system to make it easier to make Drupal more secure. Let's look at the new features that have been added first.
The Node API has been extended to include several new methods to give you more information and better control over the permission system.
This hook allows you to influence whether or not a particular operation can be performed by a user on a given node. You are passed the node being accessed as well as the account performing the action. You are also given one of four possible operations: create, delete, update, or view. You should return one of the following constants:
NODE_ACCESS_ALLOW
if the operation is allowedNODE_ACCESS_DENY
if the operation should be preventedNODE_ACCESS_IGNORE
if your module does not care one way or the other
This hook takes the place of the old hook_access
module from Drupal 6.