The default KonaKart database already contains a number of roles. New roles may be created (and existing roles may be edited) in the Customers>>Maintain Roles section of the Admin App.
Each role is mapped to a number of panels with a set of privileges. Each role to panel association may have a combination of read / insert / edit / delete privileges.
API call security may also be enabled in the Configuration>>Security and Auditing section of the Admin App. When enabled, this allows you to map roles to API calls and is useful for enforcing security through the SOAP Web Service interface of the Admin App.
Precise instructions on how to create new roles, can be found in the on-line help.