Catalogs are tricky. You also need to give them access to the patches if I'm not mistaken. Is this Role just managing the catalog? Or are they also doing analysis and remediation jobs? Did you install the OOTB content? There are many Roles and Authorization Profiles added as examples.
So if you open the role in the rbac workspace you see all of those permissions in addition to the <ostype>software.* listed ?
and you have explicitly granted this role those permission on the catalog and smart group, and depot items and this was done via the acl policy you associated w/ said objects ?
Figured it out I think, or at least it works.
to the groups ACL Policy.
Although I had given the Role, the Authorization profile __PatchCatalogAndPatching which contained these five items, it did not work until I put these five items into the ACL Policy.
In RBAC your role must have the authorization to perform some action, and you must be granted that authorization explicitly on some object.