Currently that's not supported. You can assign a Security Role over a container with Business Units in it, however in this case the permissions will apply to the Business Unit objects themsleves, but not to their members. So, for example, this can be used to distribute rights to view different Business Units.
But if you want to grant some rights to members of Business Units, you'll need to include the Business Unit object into the Activity Scope of the Security Role, assigning the Role to the Unit members. For information on how to grant permissions for Business Unit members, see View & Manage AD Objects Collectively (the 2nd part of the tutorial).
Business Unit visibility in the Web interface:
On the Business Units pane of the Web Interface, users will see only the objects contained on the top level of the Business Units container. If they need to view some objects located deeply in the Business Unit structure, they need to browse to the necessary Business Unit. So, for example, if a user needs to access the Office Business Unit, located in the US subcontainer of the North America Container, the user will see only the North America container on the Business Units pane. To get to the Business Unit, the user will have to double-click the North America container, then open the US subcontainer.
Alternatively, if the Browse button is enabled in the Web Interface, users can browse the Business Units tree the same as they browse Active Directory.
Note that in order to be able to view and list containers with Business Units, and also view Business Unit objects, users need to be granted appropriate permissions with the help of Security Roles. If a user doesn't have permissions to view a Container or a Business Unit, he won't be able to view the Container or the Business Unit in the Web interface. By default, the permission to view all Containers and all Business Units is granted by the built-in Domain User Security Role that allows all authenticated users to view all objects. If you changed the assignments of the Domain User Role or disabled it, you will have to assign the permissions for the containers and Business Units explicitly. For example, in the scenario above, you will need to grant at least the Read permission for the North America Container and all of its children.