As noted in the previous section a Security Role is a collection of permissions suited to the job requirements of a user or group of users. If your company (as an example) employs 20 sales people and 3 sales managers, it will prove efficient to create two roles "Sales" and "Sales Management" each containing appropriate permissions. This way adding a new user only requires you to select one security role for the user as opposed to selecting a large number of permissions.
And if sales people at a future time are to be granted access to say Finance Data, you can change this in one place by editing the security role. The change will then take effect for all users granted this role.
Security Roles are managed by Menu More../Setup/Logons and Security - Tab Security Roles.
Above you can see that the security role "Sales" is selected. And you can see what users are granted this role and what permissions are included in the role.
You can create new security roles and you can edit (add or remove permissions) the existing roles.
With respect to data protection permission changes is effective as soon as you click Save. But corresponding changes to the user interface (like whether certain buttons are visible or not) will not be visible for a particular user before he/she logs into the system or refreshes the browser.