What's the difference between groups and roles?

Question

A lot of identity management implementations use roles in addition to groups. How are they different? So far I haven\'t found a compelling use case for separating the two. A

Answer 1

For me the difference between "groups" and "roles" is in the Cardinality

A group can not contain a group. But a role can contain roles.

I like the way PostgreSQL handles it: From Database Roles and Privileges

A role can be thought of as either a database user, or a group of database users, depending on how the role is set up

This means using roles can make applications simpler and more flexible. Imagine an issue tracking tool. With a Foreign-Key to a role, you handle both cases: You can reference a single person or several persons.