Permissions Questions created from Models/Saved Questions

I'm on 0.42.0 of the self-hosted metabase.

We often create Models/Saved queries, and provide create questions from those, which we would like to be filtered down to and provided to specific groups.

The issue I'm having is that any dashboard or question I create, all questions must be within that groups permission set, even if it's a "Sub question" or just a dashboard. If I've added it to the dashboard, I expect them to be able to view the question. It often breaks with a "e.type" throwing an error instead of a graceful failure.

We often have tables containing rows for one group of users and other rows for another group of users, how would we go about not duplicating the query if sub-questions require the same permissions? I'd love to be able to just say "Here's your view of this question" and not provide them the option to edit, by just allowing them to view the dashboard

I hope that makes sense, is there any way to solve this? Is this an upcoming feature?

Hi @iredmedia
Sounds like you're trying to do what Sandboxing does:

You can add the questions to a view-only collection.

There has been a lot of permission changes to 42, which should allow us to expand those in the future: - upvote by clicking :+1: on the first post

I believe since I'm using the community edition I do not have access to sandboxing? This does seem like a reasonable solution to the problem, it's just seems like overkill for what I really want which is:

Question 1 created only admins can see
Question 2 = Filtered Question 1, anyone can VIEW but not edit filters etc. Sandboxing just seems like an approach that would be more db focused than question focused? I've upvoted though

@iredmedia You are basically trying to do something similar to Sandboxing. I know you are using the free open source edition, which doesn't have such capabilities, just wanted to mention it.

You can do what you are looking for by removing the data permissions and giving collection view permissions: