Is there any way to create a user role with read-only access to a specific set of indexes?
Have a look at this, might be useful to you:
let me know if this helps!
You can create a role with only read access. You can go to settings >> access control >> roles
You can know more from the following link
settings >> access control >> roles
Interesting thing as Splunk roles are designed for read access, not for write access and each role has read access to a set of indexes.
If we look at About users and roles
It defines the user role as -
-- this role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.