A user is an individual in a company or organization, who proves their identity to the Application Server by entering a password known only to them.

A role defines a capability to perform an operation or access to some entity on the Application Server, and might typically be held by a number of users.

Each user has zero or more associated roles.

For Web-based deployments, you create users and roles, and associate roles with users by using your application server.