It seems currently if a user has access to data but not to the card collection, they cannot see the card in dashboards.
Given that they have been granted access to the data, shouldn't they be able to see the card? (but of course no drillthrough should be allowed as they don't have access to the card).
We have sign-embedded Metabase in Salesforce. I have a collection for embedded objects used in the embedding that nobody has access to.
I duplicated one of these embedded dashboards to another location where people have access so they can see the dashboard. Although I gave them data access, they cannot see the dashboard cards (permission issue).