Linda Gricius (March, 1998):
Principals gain access to services by presenting credentials, which contain attributes, and give them access rights to services. These attributes can be assigned to each individual, or to a role. By then allowing a principal to authenticate with a given role, all of the attributes associated with that role are put into the principal's credentials.
So, the use of roles is more efficient when administering principals - rather than having to administer attributes for each principal, you can assign attributes to roles, and then allocate roles to principals.
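The model described in the post above, as an added example that is not part of the original post: attributes are assigned to roles, roles are allocated to principals, and authenticating with a role copies that role's attributes into the credentials. All role, attribute and principal names are constructed for illustration, and verification of the principal's identity is assumed to have happened already.

```python
from dataclasses import dataclass

# Constructed sample data: every name below is an assumption of this example.
ROLE_ATTRIBUTES = {
    "teller": {"accounts:read", "accounts:deposit"},
    "auditor": {"accounts:read", "ledger:read"},
}
PRINCIPALS = {
    # principal -> roles allocated by the administrator, plus individual attributes
    "alice": {"roles": {"teller", "auditor"}, "attributes": {"branch:042"}},
    "bob": {"roles": {"teller"}, "attributes": set()},
}


@dataclass(frozen=True)
class Credentials:
    principal: str
    role: str
    attributes: frozenset  # snapshot taken when the credentials are issued


def authenticate(principal, role):
    """Issue credentials for a principal authenticating with one role."""
    entry = PRINCIPALS.get(principal)
    if entry is None:
        raise PermissionError(f"unknown principal {principal!r}")
    if role not in entry["roles"]:
        # A principal may only activate a role that was allocated to it.
        raise PermissionError(f"{principal!r} is not allocated role {role!r}")
    # Individual attributes plus every attribute of the chosen role.
    attrs = entry["attributes"] | ROLE_ATTRIBUTES[role]
    return Credentials(principal, role, frozenset(attrs))


def may_access(creds, required_attribute):
    """A service grants access if the credentials carry the required attribute."""
    return required_attribute in creds.attributes


def grant_to_role(role, attribute):
    """One administrative change that reaches every principal holding the role."""
    ROLE_ATTRIBUTES[role].add(attribute)
```

In this sketch, credentials issued before `grant_to_role` is called keep their old attribute snapshot; only credentials issued afterwards reflect the change.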