This issue is very similar to KYLO-672. A user being added, either directly or through one or more groups, as a member of a role with feed edit or detail access permission granted, will implicitly be granted access to the feed's template; even if there is no role assignment granting this access explicitly. This was a requirement due to our metadata model dependencies. The problem is that there is not an easy way to determine when this template access can be revoked when the feed's access is revoked, as there may be other feeds the user still has access to built from the same template.
Fixing this issue on the kylo-services side is easy. The main problem is that the Kylo UI has a strong expectation that, when viewing/editing the feed details, the feed's metadata will have template metadata attached to it. The UI should be able to handle the feed metadata not having template metadata when the user does not have the rights to see the template.