My guess is that the role does not have 'Run application' permission for the necessary applications.
In Sense/Net permissions have two sides:
permissions on the content itself, for example on the site or library (that is what you have, it looks correct).
This is what determines which content can the user access and the 'level' of the access too. For example See permission means you can see that the content is there but cannot do much with it. Open gives you access to all data (but only read it), Save lets you modify it, etc. But as you can see, these permissions are relatively general, they are not related to specific features (although you can define your own custom permissions for your needs, but that is not necessary in most cases).
permissions on actions/applications
This is the other side: what can the user do with the content, which actions are accessible to him? In Sense/Net there is an application content for every action (e.g. Upload, see below). There are many of these and it should be possible to specify which action is executable by the user and which one is not. This is what the 'Run application' permission is for. So besides having permission on the content (in your case the site or library) you have to give Run application permission for the user or group on the necessary applications.
For example to make these features 'clickable', grant 'Run application' permission (it is at the bottom of the checkbox list) on these applications for your group:
- Upload button: /Root/(apps)/Folder/Upload
- Access the Edit page: /Root/(apps)/GenericContent/Edit
- Modify permissions: /Root/(apps)/GenericContent/SetPermissions
See more details here: Permission settings in production
(let us know if you do not find the application for the feature you want them to access - sometimes the application is not in the global 'apps' folder as in these examples, but under a lower level 'apps' folder, e.g. under the site)
