DotNetNuke uses roles as the mechanism to assign permissions across multiple users (though permissions can also be granularly assigned to invidual user(s)). This means that the data is stored within DotNetNuke's tables and via the stored procedures that ship with the core. Whilst it's entirely possible to have an authentication provider that syncronises an external stores roles (or semantic equivalents) with the DotNetNuke roles (this is the approach that the Active directory
Authentication Provider takes), in some cases a site may want to fully integrate with their data store for roles.
In this case the correct approach is to implement a custom role provider.
References