Hello,
Currently, this is, probably, the best way how you can implement your requirement. If you've configured the Security Role in the way as we've described in our previous post (that is, added the Read permission for Group objects only), your Security Role will allow all your users only to view all groups located in the domain. The Read permission allows users only to view objects, not modify anything, so they won't have access to changing something that they are not supposed to.
In the future, we are planning to add support for value references in Business Unit. That is, it will be possible to specify value references in Business Unit Membership Rules. When this is implemented, you will be able to create a Business Rule containing all groups that a user is a member of, and assign the Security Role over the Business Unit.