We ended up using some of the internal Telligent services to accomplish this (not recommended, though, because they're subject to change).
Basically, we grabbed an instance of Telligent.Evolution.Components.IRoleService and Telligent.Evolution.Components.ISecurityService to perform some of the programmatic permissions setting magic. The implementations of these interfaces were pulled via the ninject kernel. In fact if you just use Telligent.Common.Services.Get<>() to grab a self bindable class that you write, Ninject/Telligent will automatically wire up those interfaces through constructor injection.
There's a method on IRoleService named AddNodePermissions that can be used to add a list permission entries specific to a node and role. Note that to remove permissions you have to explicitly set the PermissionEntry to false.
- Steve Testa, Hyland Software