Hi - on 7.17.x, basic / OSS.
Older versions of Kibana permitted manipulation of the reporting_user privilege so that read-only users could be granted access to reporting.
Now ([1], [2]) the role is "cusomisable" via the UI, but only by granting "all" access to dashboard and/or discover.
The problem is that this doesn't work in a situation where folks are being given read-only access to a dashboard: this would then permit them to modify the dashboard (which we don't want).
Have I got that right?