When you create a user, you're filling one of the available seats that your company purchased with your license agreement. When you delete a user, the seat becomes available again for future new users.
You must assign every user a single role. Without a role, the user can't log in. The role permissions define the type of seat the users have and also what they can do in the instance. For example, can they access sheets, or modeling, or both?
Administrators with the Admin Access > Users permission can create and maintain users, and administrators with Manage Global User Groups can also assign users to Global Email Groups. Any user can update their own profile and change their password.