Yes, you can have a user without any roles defined to it.
>> if so, would they even have permission to connect?
Granting the below permissions would help in achieving the below:
* CONNECT privilege - to connect to a database
* SELECT privileges - to SELECT from tables or views
* EXECUTE privileges - to Execute a Procedure.
and others..
