It is probably best for me to give an example of what I think is the distinction between a role and a privilege (or the sum of a user's privileges).
The easiest example of the difference is that we don't have an explicit 'create' privilege in OpenACS. How can we, privileges apply to objects, and you can't have a privilege on a object before it exists. So the 'create' privilege (which I would call a single element of a role) is usually assumed by the existence of another privilege on another object (or more than one object in some cases). The point is information, which makes up part of a 'role' isn't in a database table, it is implied by the UI.
Another example is the 'update' privilege. Privileges are based on objects. However the UI defines/enforces several roles. Most packages have a 'user' mode and an 'admin' mode, or an admin area. Usually the admin area offers greater access to all the attributes of an object. The admin area may not even check the actual permissions on an object, being able to access this area is enough proof that the user has assumed the admin role on the package.
