In general we want to have “read only” users that do not have access to all queries in the system, but rather assign individual who is allowed to see which query / dashboard. In a larger organization it makes totally sense not to show all data to all users. Restriction via data sources are not useful for that as there can be a sensitive report and a non sensitive one on the same data source.
In general adding view restriction to dashboards seems very easy using the access_permissions. For queries that’s a bit more work. That’s why I’m thinking of creating a PR for view access for dashboards only and remove “view_query” permission for all normal users.
What do you think?