I have created a grafana user with read only permisisons. When I logged in as this user and view the network traffic in the browser I can see the queries used!
Even worse I can paste the query URI into a new tab, and even change the query parameters.
For security I would not want a read permission user to change or even view the actual queries.
How can this be prevented?