Roles and Permissions options are available under configuration menu. Both these options are available only to Admin (Default user you have created during installation). Let's go into each one by one:

Roles: Roles are group of users having similar permission.  You can access the role by navigating to <your_url>/configuration/role in your browser. By default system has eight different roles defined. You may create any number of roles by clicking on the "Add" button available in the header. Predefined roles cannot be deleted however, roles which you have created can be deleted at any time.

Permissions: It defines the actions which user can do.  You can access the permission by navigating to <your_url>/configuration/permission in your browser. There are more than 150 predefined permission in the application. By default all the permissions are listed at once, you can click on the module button to list module related permission.

In above image, you can see that Admin user has by default all the permissions which cannot be altered. However all other users roles can have different permissions which can be altered by Admin user. After installation, s standard set of permission is automatically assigned to different roles.