David Kimura PRO said about 4 years ago on Dynamic Role Management :
  Technically yes. However, since these permissions are highly derivative based on the application code, it doesn't make much sense to have it in the database. For example, if you add a new attribute to a user model, there will be a database change for sure, but also there will be application code change to consume this new attribute. It makes sense to keep the permission list with the code since that's where it is ultimately tied to.