Types of users:

Anonymous User. A user who has not logged in. They may be a guest, they also may be a member who just hasn't logged in.
Unconfirmed User. A user who has registered on the site but hasn't clicked the verification link in the confirmation e-mail sent to them to confirm their e-mail address is accurate. (Note: the confirmation e-mail is generated when the user self-registers on the site.)
Registered User. A user who has registered on the site and whose email address has been confirmed. Could also be a user that a site administrator created. (Administrator-created users are automatically advanced from unconfirmed user to registered users.)

Standard roles in each Digital Deployment sandbox

Registered user. Basic user, assigned by default. No member permissions given. Can log in to the site, reset their password, subscribe to updates, but cannot see member-only information.
Member. An approved/authenticated user based on certain criteria. Members are assigned member status by a site administrator, or by a certain set of rules (like if their e-mail address ends in a certain domain, if their e-mail was on a pre-approved list, etc.)
Members may submit certain kinds of content for consideration, or may propose edits for any post type they are allowed to edit.
Sometimes the member role is only allowed to edit posts they created or were set as author of, depending on the site's security settings. This is helpful for things like something like a "member profile" post type, where they should be able to edit their own profile but not anyone else's.

Contributor. The Contributor role can create content and edit their own content, but their additions and/or changes will not go live until approved for publication. Notification emails are sent to site approvers where they can edit or approve each post. Cannot edit navigation and cannot edit post types.
Editor. Can create posts and make edits to any post on the site, A notification email goes to approvers, but content / changes go live immediately. Editors cannot make changes to the navigation of the site, nor edit post types. 
Site Admin. Can add/remove users, approve and publish pending content, add/edit site navigation, manage post types, create and see all content and post types.
System Admin. All permissions of the Site Admin role, plus a few more including the ability to configure DD Mobile, synchronize Mailchimp groups, etc. Cannot be edited or deleted by any other user except another system administrator. Sees system logs and can initiate a security lockdown as well as use Backup / Restore to download a copy of the site database.

Special Roles

Your site may have special roles configured. These roles are primarily for limited content to be viewed to a certain audience. (For example, a Board of Directors role could be configured as the only Member role to see Board of Directors' minutes.) For more information on any special roles on your site, contact us.

Setting permissions to "view"

View access is assigned on a post-by-post basis. Defaults are defined within the post types, for example: Board announcements could be set to "member only" and they would only be visible by committee chairs or board sections. So every time you create a post with that post type, it will automatically be set to member only. 

Everyone. Not necessary to select because your published content is public by default, but remains available for special cases
Visitors only. Visible only to logged out / anonymous users. (And Site / System Admins, since they can see all posts)
Any registered user. Handy to restrict from anonymous traffic but allow to be viewed by anyone logged in, regardless of role.
Certain users (select). Choose specific roles you'd like to restrict the content to, including any custom roles you've created.

Setting permissions to "edit"

For each post type, you can specify which roles can edit the post. This is enforced immediately site-wide.