Need email + password only for authentication and authorization. Each user represents an entity (organization) defined by their unique email + password combination. A user has no role defined, and if there were a default role defined internally in web2py, it would be the same for all users. While logged in (or signed in), a user has their own session created that allows them to perform/view certain actions until they log out. Does that help?

