User roles are one of the things that is usually dealt with only while developing the website from scratch or when adding new features. Since standardization is the key to consistent results and more streamlined development process, you should have some sort of a strategy when it comes to user roles.

This article will present you the initial role setup on most of the websites I develop.

After having developed and worked on more than a hundred of Drupal websites, below are are the roles that I find the most being repeated:

Administrators. Unless we're talking about a very simple, one person blog (like this website for example), this will be reserved only for site builders who should have absolutely full access to the website. No restrictions here. Users in this group will not be dealing with the website on daily basis. Managers. This is how I like to call administrators that should not have access to technical details such as reports. You might want to use this account instead of an administrative one to perform daily maintenance or configuration tasks. Editors. This role deals only with maintaining the website content and cannot access any of the configuration pages. This means no views, rules, commerce settings, and so on. However, they should have the ability to change any content on any part of the website, so you will most likely want to grant them permissions for blocks, panels, skinr, etc. Testers. This role should be exactly the same as the most basic user on your website but with access to developer output and the ability to use the website in maintenance mode.

The list above does not take into consideration any special requirements of your project. You would add them on top of these roles, because you will most likely need them anyway.

Also, you should be aware that there are alternative approaches to this, such as the one that promotes creation of task-specific roles that are then attached to users. Update: Ivan Boothe was kind enough to share the link in comments: Personas module and introductory article that explains the setup. The basic idea is that you create roles that are related to specific tasks, e.g. "administer site", "edit content", etc. and that you would attach multiple roles to a single user in order to grant the permissions to a part of the website. So far in my projects I have not found this to provide more options than the setup above, but it might make sense for you.

Hope this was useful!