What is the difference between roles and groups
A user's role in Canto controls what permissions they have in the system, such as whether they can share, upload or download content.
In most cases, it would be the default roles of Administrator, Contributor and Consumer, and your custom roles if applicable.
Groups do not affect permissions in the system itself, but can control which restricted folders and albums members of a particular group can see. The same applies to the access to portals, workspaces, and style guides.
Let's assume you want to create an exclusive workspace for your colleagues from marketing as part of a project.
To avoid having to add all users individually, you can assign the fictitious group "marketing global" to the workspace. The members of this group are stakeholders with different roles. Some of the users belong to the contributor role, others to the consumer role. All these group members can only access the workspace, in the workspace itself the permissions of the respective roles apply again, i.e. the consumer only sees approved content, the contributor can actively upload and edit content.