Implement the following custom authorise attribute.

public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        public CustomAuthorizeAttribute (params string[] roleKeys) 
        {
            var roles = new List<string>();
            var allRoles = (NameValueCollection)ConfigurationManager.GetSection("CustomRoles");
            foreach(var roleKey in roleKeys) {
                roles.AddRange(allRoles[roleKey].Split(new []{','}));
            }

            Roles = string.Join(",", roles);
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
            if (filterContext.Result is HttpUnauthorizedResult)
            {
                filterContext.Result = new RedirectResult("~/Error/AcessDenied");
            }
        }
    }

Then add the following to the web.config

<section name="CustomRoles" type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

and then, as an example

 <CustomRoles>
    <add key="UsersPagePermission" value="HR,Accounts,Developers" /> 
  </CustomRoles>

The on your controller or action or in the global filters (whichever you prefer :)) add the attribute

e.g.

[CustomAuthorize("UsersPagePermission")]
public class UserController : Controller

This will allow you to modify the web.config rather than code to change permissions.