Roles are used to group the permissions. You can’t assign a permission to a user directly, it is only possible to assign a role. You can manage them (create, edit, and delete) from the backend using the Audience/Roles section:
Each role has name, code, position, and other fields:
Code might be used to check roles from code.
Position might be used to sort the roles in the correct order.
Also, on the Permissions tab you can assign the permissions to a role:
The same as permissions, roles are attached to a user as the claims while signing in. You can check them from the code to control rights and restrict access, but permissions checking is preferred.