A very important bug that affects the security policy and usability of looker studio! Please help us protect ourselves, maybe we don't see something. Thanks in advance. 

There are 3 main roles in looker studio: owner, editor and user with viewing rights. Even having viewing rights, you can make a copy of dashboard, because by default the access settings do not prohibit this. And in this copy of yours you become the owner, i.e. you have all the rights. And then in the "resource - added data sources" tab you can create copies of existing sources and change the sql-request to any, and you don't even need a password, and the IP  and  user's login are saved, and it all works. I checked it on my second email, not related to the company.

It turns out that any third party to whom we gave access to view dashboards could view our database with simple actions. You can protect yourself from this by enabling the setting "prohibit viewers from downloading, printing and copying", but this greatly spoils the work of our colleagues, who for convenience and further actions wanted to download tables from the lookers dashboard for themselves, but after the setting they will not be able to