OK, good, found the question: "Why isn't it just better to create roles on the database and grant permissions to tables and then access the database using a respective role?". :)
The difference is between the front end, the site administration, and the database administration.
Consider forums. You may have a list of roles or titles, each of which have a different set of permissions for what they can and can't do. This may including reading, posting, replying, creating new threads, and creating topics.
Forum users will only see these roles, while site administrators will be able to see permissions for these roles. Only the database administrator will be able to see how these roles correlate with database accounts.
Some accounts may have insert privileges in one instance, but not the same instances in another. By linking a user account with a role with set ACL permissions, the role can tie in with the SQL accounts to provide the appropriate access in the background.
I hope that answers your question. :)