As far as I see, the only way to grant the right permission is assign it the ‘edit_posts’ capability. The problem is that this role must not manage posts!

Is there a smart way to do that?
Otherwise a solution, maybe not the best one, is to assign it all the right capabilities on posts and then hide posts from the menu bar ??

Thanks!

If security is an issue, then just hiding posts is not a viable approach and you need to find something that works within the roles and capabilities system. If those who can edit posts should be allowed to also edit banners, one solution would be to utilize regular posts as the banner post type and create a custom post type with its own capabilities for the purpose we normally use posts for. Users who can edit this new post type would also have capabilities to edit banner posts as well as attachments.

If each user group must be completely independent with no cross over (except for admins), you would likely need to create custom attachments to go with the custom post type. This likely means building a custom attachment UI as well, not a trivial matter.

Thanks