Seeing Portlets, from what I have been able to tell, is related to Business Group Role.
Users - Can see user-like portlets (MY). Anything IaaS is a no go.
Support Users - Can see both, but the actual items in the IaaS lists are only present for the Business Groups they are Support Users in.
You can be a Support User in one Business Group and see all IaaS portlets, but only relevant to your business group. This has the downside (matter of perspective) of allowing you to also see ALL ITEMS in the business group as well as the ability to make an On Behalf Of request.
For our part, we only leverage the Support Users role and limit Actions and capabilities through other means.