Roles allow you to set up a hierarchy of users and to control which articles users can see.
Roles are set up as tree structures, and when you mark an entry as private to a specific role then users with this role and with parent roles have access to the article. Any role below it in the tree, and roles that do not belong to 'current tree', will not be able to access the article.
For example, suppose you have the following roles:
In the above tree the Contractors role has a sub-role of Manager, and below that sub-sub-roles of Beta Tester, Tech Writer and Programmer.
Users can be assigned to multiple roles. Thus your programmer could also be an employee.
If you mark an article private read and assign to it a role of 'Programmer', then contractor managers and programmers will be able to access the entry. No one else will have access to this article.