If I am not wrong, you can set permission for users or roles only, not for memberships.
Memberships are mainly intended to be used in combination with e commerce for live site users and customers, or for other specific purposes where an additional security layer that groups together multiple roles is useful.
If you need to define authorization options for different types of users, such as content editors or administrators for specific modules, it is recommended to do so directly using standard roles.
Particular solution depends on complex security settings you have. You can set permissions for module, document type or document level. Result (final permission) depends on all three settings, as there is some hierarchy. For example, if you allowed permission (e.g. Read) for some particular document type (e.g. cms.news) and role (e.g. Role A), given role can read all documents of the given document type, if you don’t deny it for it on document-level. However, if some role doesn’t have Read permission nor for module Content or the document type, it needs Read: Allow on the document level.
You can see more info about all three layers and some examples at http://devnet.kentico.com/docs/devguide/permissions_for_modules_and_documents.htm