I really like that you found a natural place for this in groups, I think though that we should have a dedicated tab on the groups page cause I don’t think this fits into activity.
Maybe between “Messages” and “Manage”: if you have 1 or more reports you can (and you are an explicit member of the group) tab shows up.
That also gives you a bit more width to work with.
People with access to a report should be allowed to “add params” if it is a paramaterized report and run it with the same controls we have on admin. On the fence about if they should see the SQL so I guess no for now.
Regarding where to place the permissions: I would prefer if it is less obtrusive on the admin page, I guess we can start there but with less text.
I say, feel free to get started if this feedback all makes sense!