Roles and permissions allow for the different security levels we use for each user. They control each visitor’s access and keep unauthorized people away from areas where they don’t belong.
Roles handle the different security levels and each is made different because each have different permissions. Permissions can be duplicated between roles, but each role is unique in some way. (It makes no sense to create 2 roles and give them identical permissions.) Once roles are setup, people are assigned to one or more of them. Naturally roles are meant to grant extra permissions, but some roles could have an undesireable affect; by limiting permissions further.