You can configure a permission matrix based on pages (Page Permissions tab) or based on roles (Role Permissions tab). You can use either or but they will always match after saving the scheme.
In case an new role is added to the application, it will automatically be available here to configure its permissions. A new role starts with no permissions.
The Administrator role will always be checked for all permissions. You cannot uncheck a permission for this role. So assign this role to users with care.