The actual denying of permissions can only be done if you are rooted. It will only show non rooted users what kind of permissions you have given an installed app.
It's amazing how many apps want access to your call logs, phone ID # and other things. Even though they don't need them to function. Just another reason to Root. With LBE installed on my rooted phone I have denied phone id# permissions to all apps that don't need it. All other permissions on all apps I have set to prompt for an allow/deny pop up window.
I now have control, not the app.