I have a SharePoint Site that is for our Human Resources Team. Since this site has employee information on it we have it restricted where no one but HR has access to the documents on the site by default. I created an "Employee Records" document library where each employee gets a custom document set created for them with a content type called "Employee Record". By default, no one but HR has access to these document set folders. To accomplish this, I removed "Visitors" access to the document library. So only HR Members and HR Owners have access. We then share out the Employee document set to that employees manager. That way that manager only sees the document sets (Employee Record) for their employees. This all works great and I even have a Flow running that manages all the permissions on a nightly basis based on what is assigned in Active Directory.
The issue I am running into is with the other Template Documents created inside the document set. For instance, I have custom document types and templates uploaded for "Training Requests", "Employee Reviews", "Separation Agreement Letters" and so on. The goal is to have the Manager or Employee to create a new file from the template. However when they try nothing happens. I suspect it's because they don't have permission to the template files. Everything works fine for HR staff or site owners since they have permissions to everything.
This all lives in SharePoint Online. So where do I need to go to permission these template files so Managers and Employees can create them on the fly in their Document Set? If HR or Site Owner creates the file for them first, they can edit the file without issue. They can even upload their own documents into the document set. Just can't create new ones with our pre-defined document types.