Is there any way to create a user role with read-only access to a specific set of indexes?
Have a look at this, might be useful to you:
https://answers.splunk.com/answers/10582/permissions-on-indexes-and-sourcetypes.html
let me know if this helps!
You can create a role with only read access. You can go to settings >> access control >> roles
You can know more from the following link
https://docs.splunk.com/Documentation/Splunk/7.2.3/Admin/Aboutusersandroles
Interesting thing as Splunk roles are designed for read access, not for write access and each role has read access to a set of indexes.
If we look at About users and roles
It defines the user role as -
-- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.