Resolution is what user can do: view, admin, edit posts, delete users and so on.
To have the same permissions to assign each time a different user tied to a role. Then the role assigned to the user either immediately upon registration or the administrator.
When you assign the role "Administrator" any user are available for him all the permissions of the role. The same role can inherit. The admin can inherit the user role and optional permissions.
If you added a new permission system, then you just assign this permission to the required roles. And all users of this role becoming available is the solution. If it were not for role - permission would need to assign to all users.
In small projects you can do for roles with no permissions. A role is used to group permissions.
Clearly enough described in Wikipedia