Users are identities for people or long‑lived credentials. Roles are assumed by services or users for temporary access. Least privilege means granting only the minimal permissions needed, ideally via role‑based, time‑bound access.
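As an added illustration (not code from the original page), the audit below applies these three points to a constructed inventory: it flags users holding old long-lived keys, roles whose sessions are not tightly time-bound, and policies broader than least privilege. The AWS-IAM-style statement layout, the inventory field names, and the 90-day and one-hour thresholds are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names and thresholds are assumptions.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
PRINCIPALS = [
    {"name": "alice", "type": "user", "key_created": NOW - timedelta(days=400),
     "statements": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    {"name": "ci-deploy", "type": "role", "max_session_seconds": 3600,
     "statements": [{"Effect": "Allow", "Action": ["s3:PutObject"],
                     "Resource": "arn:aws:s3:::example-artifacts/*"}]},
    {"name": "batch-etl", "type": "role", "max_session_seconds": 43200,
     "statements": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]},
]

def _as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def audit(principal, now=NOW, max_key_age_days=90, max_session=3600):
    """Return least-privilege findings for one user or role."""
    findings = []
    if principal["type"] == "user":
        # Users carry long-lived credentials: flag keys that were never rotated.
        created = principal.get("key_created")
        if created and (now - created).days > max_key_age_days:
            findings.append("long-lived key older than %d days" % max_key_age_days)
    elif principal.get("max_session_seconds", 0) > max_session:
        # Roles should grant temporary access: flag overly long sessions.
        findings.append("session longer than %d s" % max_session)
    for statement in principal["statements"]:
        if statement.get("Effect") != "Allow":
            continue
        for action in _as_list(statement["Action"]):
            if action == "*" or action.endswith(":*"):
                findings.append("wildcard action %s" % action)
        if "*" in _as_list(statement["Resource"]):
            findings.append("wildcard resource")
    return findings

def audit_all(principals=PRINCIPALS):
    return {p["name"]: audit(p) for p in principals}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Only `ci-deploy` passes: it is a role with a one-hour session, a single action, and a scoped resource.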