matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0

Advanced user permissions, or a new user category, to allow users to make heatmap/custom report as View user #19894

Open atom-box opened 1 year ago

atom-box commented 1 year ago

Design a new permissions level that is in between View and Administrator.

A user requested it:

My question: is there a way to have "viewer" permissions extend to custom reports and heatmaps? 
These are very simple reports and do not require any skills or safety measures. Or, can we take away 
certain rights from some admins?

Currently in our company, we have to give out Admin rights to a high number of users who interact 
with Matomo, because this is the only way we can ensure that these users can create custom reports, 
or heatmaps.

However, it is a very inconvenient solution to us that these users can also create custom goals, without 
any checking in place from a more advanced Matomo user, or someone who can verify that the goal was 
set up correctly. This has led to some misleading goals being tracked.

atom-box commented 1 year ago

Other suggestions for more granularity in the User-Permissions: https://github.com/matomo-org/matomo/issues/3389 https://github.com/matomo-org/matomo/issues/11149

bx80 commented 1 year ago

Thanks for reporting this valuable feedback @atom-box :+1: Seems there is a good case for a more comprehensive user permissions system, this would understandably be a large change requiring some careful design. I've assigned this enhancement for prioritization.

atom-box commented 2 months ago

A high-traffic user suggested the opposite:

I want to allow user A to view the session recording data on website A, but I do not want user B to view it.

(We could solve this if we could set Heatmaps / Session Recordings to be only viewed by "admin" or "write" users, either globally or per each site.)