Is there any documentation about which permissions each role has? I've found this guide, but it's only from the workflow point of view. I would like to know, for example, about whether they can creat new courses, modify them, etc.
The permissions for each role are set according to the function of each role. In other words, the lifecycle of permissions is defined by the workflow. Or in other words, who can edit the content and when is defined by workflow states, not necessarily role permissions. You can look up the full definitions by examining permission changes on workflow states in the ZMI if you really want to, but you probably would want to have a good understanding of Zope's permission model first. If you want to dive deeper have a look here:
From a very high level eduCommons works as follows:
Producer - all permissions enabled to create new content, sends content to QA when complete
QA - read only view over content, can move content forward to a publisher or back to producer in the workflow
Publisher - Responsible for pushing the button and publishing content on the site.
Manager - Has all permissions for all roles
Some things to note:
A producer can not edit published content
QA can not edit content
Manager can edit published content, as well as edit content in any state
Roles are not necessarily mapped 1:1 to users. For example, a content developer may have multiple accounts, and can act as QA on one course, while producing another.