From 4919975f137f95fac886e1e945a4ed0400d4924b Mon Sep 17 00:00:00 2001
From: Steven Masley <Emyrk@users.noreply.github.com>
Date: Sun, 2 Oct 2022 18:54:57 -0400
Subject: [PATCH] chore: Remove template-admin can create/update/delete
 workspaces (#4280)

Cannot crud someone else's workspace
---
 coderd/rbac/builtin.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coderd/rbac/builtin.go b/coderd/rbac/builtin.go
index 4540538ce3..7115162d75 100644
--- a/coderd/rbac/builtin.go
+++ b/coderd/rbac/builtin.go
@@ -111,7 +111,7 @@ var (
 					ResourceTemplate: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 					// CRUD all files, even those they did not upload.
 					ResourceFile:      {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
-					ResourceWorkspace: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
+					ResourceWorkspace: {ActionRead},
 					// CRUD to provisioner daemons for now.
 					ResourceProvisionerDaemon: {ActionCreate, ActionRead, ActionUpdate, ActionDelete},
 				}),