View permission (dashboard first)

In general we want to have “read only” users that do not have access to all queries in the system, but rather assign individual who is allowed to see which query / dashboard. In a larger organization it makes totally sense not to show all data to all users. Restriction via data sources are not useful for that as there can be a sensitive report and a non sensitive one on the same data source.
In general adding view restriction to dashboards seems very easy using the access_permissions. For queries that’s a bit more work. That’s why I’m thinking of creating a PR for view access for dashboards only and remove “view_query” permission for all normal users.

What do you think?

I think it would be great to be able to have users who can see the queries/widgets on the dashboards themselves but not have access to the list of individual queries outside the dashboards. It would make it a less intimidating interface for the users who don’t need to worry about anything but the dashboards.

agree … this is about simplification for the “view” only users… even if there might hundreds of queries/dashboards he/she only sees the one that are relevant.