Any page element that a user can view or hear or otherwise interact with, such as a menu link, is available for doing so because the user, via a role, has been given permission to do so. This is a very important concept, so I will give an example. You have no doubt seen a Terms and Conditions link on most sites.
On a Drupal site, if you see such a link, it is because your user role has been granted permission to access that content (the Terms and Conditions page). Were that permission not granted for your user, the link would probably not be visible. Were it still visible, or were you to enter the URL for the page in your browser, you would receive a message stating that you have not been granted access to that content.
Because permissions can be granular and detailed, there are a lot of them, and adding modules will typically add more to the list...