First, they really want to use the same dashboards for all of the data. Even then, yes, they perform searches against the data to build the dashboards they want. We, the admins, don't build the dashboards. However, we have to make sure that people only see what they're allowed to see.
As for the macro, that's an interesting idea, but I'm not sure it will work in our use case as we're supporting the different departments, hence why we're using roles to restrict who can see what. If a person switches departments, we need to make sure their roles are updated correctly so they now can't see their old department but can see their new department.
Edit: Even then, we don't want people who shouldn't see all of the data "forget" to put the macro into their queries. Out of, let's say 100 users, only maybe 5 need to be able to see all of the data.
... View more