Permissions and user roles: allow both or only roles?

Does it make more sense to only set permissions on roles and grant roles to users, or should the application allow specifying roles and user permissions?

I'm not sure if allowing both of them to establish themselves on the users is an exaggeration.