Certain rules determine the behavior of privileges and permissions.
A role assigned a functional privilege cannot perform any actions in the catalog until catalog permissions are also assigned
A role can be assigned a set of permissions on catalog objects without being assigned any functional privileges
If a role is assigned a functional privilege, when catalog permissions are assigned, some permissions are inherited
A role assigned a functional role cannot perform any actions in the catalog until catalog permissions are granted.
Note that the functional roles themselves (BI Publisher Developer, BI Publisher Scheduler, and so on) cannot be directly assigned permissions in the catalog. The functional roles must first be assigned to a custom role and then the custom role is available in the catalog permissions table.
The permissions available directly in the catalog enable running reports, scheduling reports, and viewing report output.
Therefore if your enterprise includes report consumers who have no other reason to access BI Publisher except to run and view reports, then the roles for these users consist of catalog permissions only.
When a role is assigned one of the functional roles, and that role is granted permissions on a particular folder in the catalog, then some permissions are granted automatically based on the functional role.
For example, assume that you create a role called Financial Report Developer. You assign this role the BI Publisher Developer role. For this role to create reports in the Financial Reports folder in the catalog, you grant this role Read, Write, and Delete permissions on the folder. Because the BI Publisher Developer role includes the run report, schedule report, and view report history privileges, these permissions are automatically granted on any folder to which a role assigned the BI Publisher Developer role is granted Read access.