In general we want to have “read only” users that do not have access to all queries in the system, but rather assign individual who is allowed to see which query / dashboard. In a larger organization it makes totally sense not to show all data to all users. Restriction via data sources are not useful for that as there can be a sensitive report and a non sensitive one on the same data source.
In general adding view restriction to dashboards seems very easy using the access_permissions. For queries that’s a bit more work. That’s why I’m thinking of creating a PR for view access for dashboards only and remove “view_query” permission for all normal users.

What do you think?

I think it would be great to be able to have users who can see the queries/widgets on the dashboards themselves but not have access to the list of individual queries outside the dashboards. It would make it a less intimidating interface for the users who don’t need to worry about anything but the dashboards.

agree … this is about simplification for the “view” only users… even if there might hundreds of queries/dashboards he/she only sees the one that are relevant.