Users with Limited Permissions Can Still Create Workspaces

Description

We are attempting to create a restricted role where users are unable to create or edit workspaces. This role should function similarly to thePlatform Member role described in theCoder documentation.

However, when testing, users assigned this custom role were still able to create workspaces, which is unexpected behavior.

Steps to Reproduce

1. Created a custom role.
2. Assignedonly theworkspace:application_connect permission.
3. Assigned this role to a user in thedefault organization.
4. Logged in as the user and observed that they were still able to create a workspace.

Expected Behavior

The user shouldnot have the ability to create a workspace, given that they only have theworkspace:application_connect permission.

Actual Behavior

The user was still able to create a new workspace despite lacking explicit permissions for workspace creation.

Environment

• Coder Version: 2.18.5
• Deployment Method: Helm
• Organization Settings: Default

Additional Context

We would like to clarify whether additional permissions are implicitly granting workspace creation or if this is a bug. If additional restrictions are needed to prevent workspace creation, please advise on the correct role configuration.

Possible Workarounds

N/A at this time.

Would appreciate any guidance on resolving this issue! 🚀