The difference between Roles (interactor, publisher, etc) and Rules (content-based permissions) can definitely be confusing at first. In this case, think of Roles as an upper-limit to what a user is capable of. So, in your example where you have a user with the Role of Interactor, but is in a group that is allowed to Publish, that user will still not be able to publish. Hopefully that helps.
Thank you that helps a lot