Is it possible to obfuscate lookups that users are do not have access to? I don't think it makes sense to display lookups and kv-stores that the users don't have access to edit. Also they're able to open them in the viewer which may be a bit of a security breach.
We would like our users to only see what they can edit.
Seeing only what you can edit is not very helpful, IMO. Users must have read access to the lookup files needed for their dashboards and reports. Without read access, users will see "lookup file not found" errors.
Only those few (typically admins) trusted to make changes to a lookup should have write access.
If you modify the permissions of the lookup and remove read access from that user's role then they will not be able to see it in the list of available lookups.
That suggestion is, unfortunately, a non-stater in our environment. We have multiple SHCs all of which have over 300+ lookup files... Most of these lookups are the ones that come baked-in with other apps/TAs.
There has to be a better way of obfuscating those files. The stanza below is not helping as I'd hoped.
[lookups]
access = read : [ ] , write : [ admin ]
If you only want those with write access to have read access then it shouldn't be that difficult to add this to all of the apps with lookups you want to hide. I'm not suggesting doing this one-by-one by hand but manipulating the permissions with metadata seems to be how this is done.