I understand it like this:
A group gives a user continuous, long-term access. But if a user who is already in a group needs temporary access to a specific resource, adding them to another group or changing policies is inconvenient. In that situation, the simplest option is to let the user assume a role, use the required permissions temporarily, and then switch back when done.

Groups → long-term, continuous access

Roles → temporary, on-demand access without permanently changing user permissions