This blog shows the difference between code-based security and role-based security.
Code access security (CAS) is the approach of using permissions and permission
sets to decide what a given piece of code is allowed to do when it runs. For
example, an admin can disable running executables off the Internet or restrict
access to the corporate database to only a few applications.
Role-based security, most of the time, means the code runs with the privileges
of the current user. This way the code supposedly cannot do more harm than mess
up a single user account.
Neither is better. It depends on the nature of the application; both code-based
and role-based security can be implemented together, each to some extent.
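
The sketch below is an added example, not code from the original blog or from any real CAS implementation: a simplified Python model of the two checks, using the admin scenarios above. The policy tables, application names and role names are all constructed assumptions.

```python
from dataclasses import dataclass

# Code-based policy (constructed): permissions depend on where the code came from.
CODE_POLICY = {
    "internet": set(),                       # admin disabled executables off the Internet
    "intranet": {"execute"},
    "local":    {"execute", "read_file"},
}
# Only these applications (hypothetical names) may reach the corporate database.
DB_APPS = {"payroll.exe", "reports.exe"}

# Role-based policy (constructed): permissions depend on who the current user is.
ROLE_POLICY = {
    "clerk":   {"execute", "read_file"},
    "manager": {"execute", "read_file", "corp_db"},
}

@dataclass(frozen=True)
class Code:
    name: str
    origin: str      # evidence about the code itself, independent of the user

@dataclass(frozen=True)
class User:
    name: str
    roles: tuple

def code_grants(code):
    """Permission set the code receives from its own identity and origin."""
    grants = set(CODE_POLICY.get(code.origin, set()))   # unknown origin gets nothing
    if code.name in DB_APPS and "execute" in grants:
        grants.add("corp_db")
    return grants

def role_grants(user):
    """Permission set the code inherits from the user it runs as."""
    grants = set()
    for role in user.roles:
        grants |= ROLE_POLICY.get(role, set())
    return grants

def allowed(code, user, permission):
    # Both layers applied together: the code AND the user must hold the permission.
    return permission in code_grants(code) and permission in role_grants(user)
```

With both layers in place, a manager running an Internet-origin binary is stopped by the code-based check, and a clerk running an approved database application is stopped by the role-based check.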