Roles determine what a user can and can’t do. There are currently four predefined roles in Matomo: View, Write, Admin and Super User.
The View role allows a user to see reports for a website. The Write role is the same as the View role, except the user can also create (and update and delete) a website’s Goals, Forms, Funnels, A/B tests, Heatmaps, Session Recordings, etc. if they desire.
The Admin role is one step above the Write role in that it allows a user to both see reports, configure those reports and the website itself, and also manage user access for the specific website. The Super User role is the most powerful role and gives the user the ability to do anything to any website, as well as enable/disable plugins and set global system settings.
With the exception of the Super User role, all roles are tied to a website. So a user could have View access to one website and have Admin access to another. This means you can more precisely decide who has access to what.