At Ro we have a significant number of data access permutations (the usual financial + operations + pci levels plus a variety of HIPAA buckets). We also want to minimize the amount of time it takes any Looker user/analyst at Ro to disseminate useful information to the entirety of the company.
Rather than maintain a large number of parallel models, dashboards, and look spaces we’ve opted for column-by-column permissions.
This means that all of our Looker users can see all explores and the names of all possible dimensions and measures. However, if they try to access a dimension or measure in an explore for which they do not have access they will simply get no data. If they are trying to view a visualization/look that someone else created that has information that they are not authorized to access, they will see that the visualization exists but they will not be able to see any data.
For full functionality and implementation details please see this Looker Discourse article