Is there a way to grant permissions in the Tekton dashboard? I.e. one group of people get to manually trigger new pipeline runs while another can only view?
The Tekton Dashboard documentation includes a walkthrough on setting-up an oauth proxy.
With that setup, the Dashboard will let you impersonate the user towards the Kubernetes API; you'll need to make sure that the users have access to the resources that are displayed by the Dashboard. Using RBAC you may define who can only view and who may create new resources.
If a user is not authorised, you will see error messages in the Dashboard. Better handling of the errors is on the Dashboard roadmap.