Roles
The Roles are used to control security. A user plays a particular role in a particular Workspace. For example, In the "Lead Tracking" process the roles may be "Sales Manager", "Sales Co-ordinator" and so on. Roles are assigned privileges (who can do what).
Once you create the roles and workspace, you can now assign the roles to the user they play in a Workspace when adding/editing a user.
When you create a workflow instance and assign the user to it, the privileges are inherited with the Workspace and Role privilege.