The User plugin's most important task is authenticating users.
While the underlying framework is well aware of what a user is, what user permissions are and how to handle them, it is not the business of the framework to interact with the user. That responsibility rests squarely on the plugins.
That's why there is a plugin called User that takes the username and password of someone that wants to log in, maintains the list of users and presents the administrators with a way to decide what users get to handle what tasks on the website.
It basically bridges the gap between the framework and the user when it comes to adding, removing and editing users, their permissions and other details.
The plugins specifications require a plugin to pre-register the permissions it's going to ask for, so it's relatively easy to present a list of what users can and can't do. From there it's just a few checkboxes, and suddenly you, too, can edit articles.