Set of permissions that can be applied to multiple users
Roles make it easier to manage permissions for complex organizations. Users with the same permissions can be assigned a role instead of changing individual permissions on each user.
Authorization of an action on a resource is granted if the corresponding permission is assigned to a user either through the user's role or individual permissions. Hence, not every permissions use case needs to be encapsulated in a role. Two users with similar use cases can share the same role and have differing individual permissions, thereby making managing similarly scoped users easier for administrators.