In a Drupal site, user roles and permissions are an important way of controlling access to the site. This is more so important when there are multiple individuals besides the website owner who administers the site. Other people can be assigned certain 'roles' which define the kind of access that is to be granted. Basically in Drupal, the Site maintainer and Administrator roles are given all the available permissions and Drupal Administrator role receives all permissions throughout the lifespan of the site. This is not the case for other 'roles', where access within admin permissions and time limits only are granted to users linked to those roles.
A major advantage of adding permissions is that, when a new feature is added to a Drupal domain which is not allowed for everyone by default, this functionality can be made specific for a 'role' or a group of 'roles' but granting access to them alone. Roles are not just a way to group permissions, but they also hide important information about the site as well. For this reason, users, roles and their permissions are imperative and have to be set up and configured appropriately and tested systematically. The major Test cases/checklists to be considered while testing roles and permissions in Drupal are documented here.