The best way to understand what exactly a role is in the Octopus Deploy context is to make an analogy:

Usually, when you deploy your software you have to specify exact hostnames/IPs, meaning you have to know/specify the topology of the environment you are deploying to. Let's not forget that in production we usually deploy to clusters/farms (the same package is distributed among multiple machines).

In Octopus we don't configure our projects/packages to be deployed to specific deployment targets. We rather ship to a specific environment and a specific role:

Instead of saying:

Our fancy web app should be deployed to the deployment targets WEB01, WEB02, ...

We say:

The fancy web app should be deployed to the machines that are tagged with the web role in the test environment.

In other words, a role is a layer of abstraction in this case. So we do not have to keep in mind the topology or our infrastructure, all we need to know to which role we are going to deploy (Since we always deploy packages to a specific role and environment, Octopus Deploy server knows how to filter out the right deployment targets and ship the packages).

We can make yet another analogy from the DB world. Indeed there is a many-to-many relation between environments and roles, which is a deployment target:

Environments <-> Relation between both = Deployment Target <-> Roles

Btw. there is no explicit interface in the Octopus Web Portal to add/manage roles. However, you can introduce a new role either during editing or creating a deployment target Infrastructure -> Deployment Targets -> Add Deployment Target:

To see existing roles go to Infrastructure -> Overview: