Several changes were made to the node access system and permission system to make it easier to make Drupal more secure. Let's look at the new features that have been added first.
The Node API has been extended to include several new methods to give you more information and better control over the permission system.
This hook allows you to influence whether or not a particular operation can be performed by a user on a given node. You are passed the node being accessed as well as the account performing the action. You are also given one of four possible operations: create, delete, update, or view. You should return one of the following constants:
NODE_ACCESS_ALLOWif the operation is ...