drupal uses a fairly simple system to say who can do what where:
CREATE A ROLE administer -> user management -> roles
ASSIGN PERMISSIONS TO A ROLE administer -> user management -> permissions (every module you add will integrate itself into this menu - so if you add a new module you may have to go back and add permissions to the different roles)
CREATE A USER administer -> user management -> users -> add a user
ASSIGN A ROLE TO A USER administer -> user management -> users
Then use the slightly non-intuitive checkbox next to a user name and then the "Update Options" Dropdown to assign a role (and then click on the UPDATE button)
You'll now notice that the User Table/Matrix lists the new role... Username - Status - Roles - Member For - Last Access - Operations
FILTER TO SEE WHAT USERS HAVE WHAT ROLES AND PERMISSIONS administer -> user management -> users
Show only users where (radio button of the type of filter) Dropdown of Permissions then click FILTER
This way you can spot any inconsistencies or missing items...
SITE ADMIN can create new users and change website wide settings but in drupal that can be delegated (e.g. you could have a User Admin, a Content Editor, etc.)
TO CHANGE A USER PASSWORD administer -> user management -> users -> Edit (by the user name)
(note you can also modify username, email address, role, etc.