Auditor Role is able to read all templates, meaning they can create a workspace from any template #15891

Closed
@Emyrk

Description

Our permissions do not determine the difference between read template and use template. Auditors are currently given read access to templates:

ResourceTemplate.Type: {policy.ActionRead, policy.ActionViewInsights},

This was done assuming an auditor would also want to audit the insights and template information; however, this is complicating the role into Template-Reader + Auditor access.

Our docs do not mention reading templates for the Auditor role, so we should drop this permission. Calling it a bug, rather than trying to maintain backwards compatibility.

https://coder.com/docs/admin/users/groups-roles#roles

Reproduce

  1. Create a new user, and make them an auditor
  2. Create a new template, remove the everyone group from the permissions
  3. Have the auditor user create a workspace from said template
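
An added example, not Coder's code and not written by the issue author: a toy Go model of the overlap described above, where a site-wide template read grant also satisfies the check made when creating a workspace. The role layout, the separate `Use` action, and the assumption that a member role supplies workspace create are all hypothetical.

```go
package main

import "fmt"

// Toy RBAC model for illustration; every name here is hypothetical,
// not Coder's rbac/policy package.
type Action string

const (
	Read         Action = "read"
	ViewInsights Action = "view_insights"
	Use          Action = "use" // hypothetical action kept separate from read
	Create       Action = "create"
)

// Role maps a resource type to the site-wide actions it grants.
type Role map[string][]Action

// Allowed reports whether any of the user's roles grants action on resource.
func Allowed(roles []Role, resource string, action Action) bool {
	for _, r := range roles {
		for _, a := range r[resource] {
			if a == action {
				return true
			}
		}
	}
	return false
}

// CanCreateWorkspace models the create path: the user needs workspace create
// plus whatever template action the server treats as the gate.
func CanCreateWorkspace(roles []Role, templateGate Action) bool {
	return Allowed(roles, "workspace", Create) && Allowed(roles, "template", templateGate)
}

var (
	// No template grant: the template ACL no longer includes the everyone group.
	Member        = Role{"workspace": {Create}}
	AuditorBefore = Role{"template": {Read, ViewInsights}}
	// Assumption: only read is dropped; the issue does not say if insights stays.
	AuditorAfter = Role{"template": {ViewInsights}}
)

func main() {
	fmt.Println("before, gate=read:", CanCreateWorkspace([]Role{Member, AuditorBefore}, Read)) // true
	fmt.Println("after,  gate=read:", CanCreateWorkspace([]Role{Member, AuditorAfter}, Read))  // false
	fmt.Println("before, gate=use: ", CanCreateWorkspace([]Role{Member, AuditorBefore}, Use))  // false
}
```

The same three cases work as a regression check: the auditor-plus-member combination must be denied workspace creation on a template whose ACL excludes the user.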
