I think dashboard-group permission is much more clear/controllable than datasource-group permission.
In most cases, dashboard management will be like this:
- Use prestodb to link all possible data sources, and add prestodb as single data source to redash.
- Devs create/manage several dashboards. Some of them are common, others contain sensitive plots.
- Assign each dashboard to some viewer groups. They can only view current state of dashboards and cannot refresh it manually. Dashboards update only trigger by devs or sql-auto-refresh.
In my case, there is no way to make sensitive dashboards only accessable by specified groups, which is very common permission scenario. Furthermore, the method of per-table access control / database accounts is very inconvenient.