Profile:
- A Profile is a collection of settings and permissions that controls the user what they have to do in the application and with access what they have.
- A profile controls “Object permissions, Field permissions, User permissions, Tab settings, App settings, Apex class access, Visualforce page access, Page layouts, Record Types, Login hours & Login IP ranges.
- Defining profile for a user is mandatory.
Role:
- A role controls the level of visibility that users have into your organization’s data. Mainly is going to provide the record level security.
- Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the hierarchy, unless your organization’s sharing model for an object specifies otherwise.
- It is not mandatory that a user should have a role.