We have templates for specific types of projects that must be part of a specific portfolio and program. Creation of these projects is decentralized and when the template (which has the portfolio and program set) is used, the project does not go there because the project creator only has View access.
There needs to be a security level for portfolios and programs that allows a user to ADD projects, without being able to manage the whole thing.
Alternatively, when creating the template, allow a "use rights like" setting similar to the way you can run reports with another user's security. Then, we could create the template with elevated privileges and the project would be correctly aligned with its portfolio and program.
Our current workaround is reviewing new projects every week and aligning them manually, which is not fun.