WordPress is the most popular content management systems in the world and CiviCRM is the most popular open source CRM for non-profits and the civic sector. With CiviCRM 4.1 support for Wordpress, Wordpress users were able to use the most powerful CMS + CRM combination ever.
But Wordpress lacks the fine grained access control feature, which are very well supported in Drupal and Joomla. In CiviCRM 4.1/4.2 If you want a wordpress user to access CiviCRM, you should give them administrator role, which will allow them to not only access all the CiviCRM Components, but also the administrative pages.
To overcome this drawback in Wordpress + CiviCRM, Access Control feature (similar to permissions in Drupal) was developed for Wordpress and integrated into CiviCRM core and will be in CiviCRM 4.3 release. This feature is developed as CiviCRM Core and independent of any wordpress plugins (unless you want to create new WP roles). When CiviCRM plugin is activated, all the CiviCRM core/component permissions are injected as wordpress capabilities, so that each WP roles can be assigned different capabilities. By default, Administrator role will have all capabilities (permissions) in CiviCRM and all other roles can be assigned capabilities (permissions) in CiviCRM Navigation Menu >> Administer >> Users and Permissions >> Permissions (Access Control)
One other drawback in Wordpress is that Wordpress does not deal with Anonymous users, which makes it hard for administrators to manage access to public event/contribution pages in Wordpress/CiviCRM installation. To overcome this, CiviCRM injects a new role (Anonymous User) in the wordpress instance, so that this role can be used to assign capabilities for anonymous users accessing public event/contribution pages.