Details
Type: Bug
Status: Done/Fixed
Priority: Major
Resolution: Fixed/Completed
Affects Version/s: 3.2.4
Fix Version/s: 3.3.beta
Component/s: Core CiviCRM, Technical infrastructure
Labels: None
Description
On one of our sites we grant basic authenticated users the "access contact dashboard" permission but not "access civicrm." We want these users to be able to join groups and disable relationships from the contact dashboard. We don't want to give them full "access civicrm" privileges though. Joining/leaving groups works fine from the dashboard because it targets the civicrm/user/* URL. Disabling a relationship, however, targets civicrm/contact/view/* and requires "access civicrm" permission status.
It seems like actions that originate on the contact dashboard should have "access contact dashboard" permission checks, not "access civicrm". Join/leave group does, but disable relationship checks for "access civicrm" instead and throws a 403 if a user only has "access contact dashboard."
Seems like these permissions should be made consistent in the next version. Also let me know if there is a way to configure permissions so that I don't run into this problem for now ...
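
The mismatch reported above (a page gated by one permission linking to a route gated by another) can be found with a small route/permission audit. This is an added example, not CiviCRM code: the route table, the action paths under the two URL prefixes, and all function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed route table modelled on the report: path pattern -> required permission.
ROUTE_PERMISSIONS = {
    "civicrm/user/*": "access contact dashboard",
    "civicrm/contact/view/*": "access civicrm",
}

# Constructed dashboard actions and the path each one links to (hypothetical paths).
DASHBOARD_ACTIONS = {
    "join group": "civicrm/user/group/join",
    "leave group": "civicrm/user/group/leave",
    "disable relationship": "civicrm/contact/view/rel/disable",
}


def required_permission(path, routes=ROUTE_PERMISSIONS):
    """Return the permission of the most specific matching pattern, or None."""
    matches = [pattern for pattern in routes if fnmatchcase(path, pattern)]
    if not matches:
        return None
    return routes[max(matches, key=len)]


def is_allowed(user_permissions, path, routes=ROUTE_PERMISSIONS):
    """Deny by default: unmapped paths and missing permissions both fail."""
    needed = required_permission(path, routes)
    return needed is not None and needed in user_permissions


def audit_actions(page_permission, actions=DASHBOARD_ACTIONS, routes=ROUTE_PERMISSIONS):
    """List actions a user holding only page_permission can see but not perform."""
    findings = []
    for name, path in sorted(actions.items()):
        if not is_allowed({page_permission}, path, routes):
            findings.append((name, path, required_permission(path, routes)))
    return findings


if __name__ == "__main__":
    for name, path, needed in audit_actions("access contact dashboard"):
        print(f"{name}: {path} requires {needed!r} (would return 403)")
```

Running the audit as part of a test suite flags any page action whose target route needs more than the permission that exposes the page, before a user hits the 403.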