does the role have those permissions on all of the objects in the catalog ? you should create an acl policy that grants whatever roles need access to the catalog objects, and IN the catalog options (not ON the catalog) you associate the acl policy w/ the catalog so that when the cuj runs the acl policy will be associated w/ the objects it contains.
I hadn't given the permissions onto the hotfix area properly.
I've also set the ACL Policy so that is picks it up automatically.
Thanks for the help.