The problem you'll have with this approach as with just about all the other approaches is the fact you want to allow business users to create and delete roles on the fly. How are you even going to check that in code? Typically, you'd restrict execution of a method or service call to a specific role (or set of roles) - how is this going to work if you want to have roles that get created dynamically at runtime?
If you can live with pre-defined roles, there's a few solutions. Have you checked out the ASP.NET role provider? It's part of the more general ASP.NET membership and role provider set, but it can be used on its own, too.
To activate it, use this snippet in your config (once you've set up the basic infrastructure for the ASP.NET role provider stuff):
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<serviceAuthorization principalPermissionMode ="UseAspNetRoles"
roleProviderName ="SqlRoleProvider" />
</behavior>
</serviceBehaviors>
</behaviors>
The only other idea I have is looking at the Authorization Manager (AzMan): this is a set of tools to allow you to specify fairly granular "atomic" permissions that a business user can then compose into roles and assign users to those. But basically, in the end, at the bottom level of the granular program functions ("Tasks" in AzMan), you're dealing with a static set of rights, again.
Check out this MSDN article on AzMan as an introduction and see this article in the WCF security guidance on how to use it from a WCF service. I don't know the current status of AzMan and I don't know if it will be developed much further anymore - it almost seems a bit like it won't (but I'm not 100% sure on that).
Marc