Although it's easy to confuse profiles and permission sets with roles, they actually control two very different things.
Profiles and permission sets control a user's object- and field-level access permissions. Indeed, a user can't be defined without being assigned to a particular profile, since the profile specifies the most basic access for users.
Roles, on the other hand, primarily control a user's record-level access permissions through role hierarchy and sharing rules. Although a role assignment isn't exactly required when we define a user, it would be foolish of us not to assign a role since it makes it so much easier to define our record-level permissions. Indeed, trying to define record-level permissions without assigning a role to a user would be a lot like trying to travel from New York to San Francisco by car when there's an airplane available—there's just a much more efficient way of doing it!
Note:To help you remember which controls what, remember: Roles control Records.
