Tableau Server allows people to control the level of access that certain groups or users have to to their projects, workbooks, data sources etc. These permissions can only be established for users, groups, projects, or content that already exist, from the example below you can see the different setting available for the permission rules at the project level.
The template feature allows for a default permission setting for whether a user/group is a Publisher, explorer or a view. However, you can see that all users in the template has been set to 'denied', this overwrites all other permissions and thereby causes all users to denied those specific features at the project level.
The second screenshot highlights the permission settings that are available for the workbook level, you can see that there are far more options available. With the all users setting set to 'none', this will have no affect on the rest of the group/users.
There are more permission settings available for data sources, data roles, flows etc. as seen on the screenshot above.