One other way, which I went with when I had a similar issue was to go with actions instead of going with hook_node_operations. Views bulk operations comes with Actions permissions module ( http://drupalcode.org/viewvc/drupal/contributions/modules/views_bulk_operations/actions_permissions.module?revision=1.1.2.3&view=markup&pathrev=DRUPAL-6--1-9 ) 

which will automatically create execute permissions for each action defined on your site. Then you can define which role has access to execute which action and only those actions then will be shown to the user depending on the role.

Hope that helps.

----------------------------------
Dipen Chaudhary
Founder, QED42 : We build beautiful and scalable web strategies ( www.qed42.com )
Blog: dipenchaudhary.com
Twitter: http://twitter.com/dipench



On Tue, Aug 31, 2010 at 12:33 AM, Steve Yelvington <steve@yelvington.com> wrote:

I'm implementing a bulk user operation as described in sirkitree's blog post:
http://sirkitree.net/node/23

I don't see anything in the hook_node_operations() docs that addresses permissions. I'd like to provide discrete control over whether my operation is available, rather than having it show up in every VBO view that happens to return users.

Do I do that by having my implementation of hook_user_operations return a null array if the current user has no permissions? Or should I conditionally define my implementation of hook_user_operations depending on a user_access() call?

Or am I missing some other option?