Roles are used to group the permissions. For now, you can’t assign a permission to a user directly, it is only possible to assign a role. You can manage them (add, edit, and delete) from the backend using the Audience/Roles section:
Each role has name, code, and position. Position might be used to sort the roles in the correct order:
Also, on the Permissions tab you can assign the permissions to a role:
The same as permissions, the roles are attached to a user as the claims while signing in. You can check them from the code, but permissions checking is preferred.