Good News! It appears that in Splunk Enterprise 8.1 they have added this. Direct quote from authorize.conf for version 8.1+ (just search for it in there): srchIndexesDisallowed = <semicolon-separated list>
* A list of indexes that this role does not have permission to search on or delete.
* 'srchIndexesDisallowed' takes precedence over 'srchIndexesAllowed', 'srchIndexesDefault'
and 'deleteIndexesAlowed'. If you specify indexes in both this setting and the
other settings, users will be unable to search on or delete those indexes.
* Follows the same wildcarding semantics as the 'srchIndexesDefault' setting.
* If you make any changes in the "Indexes" Settings panel for a role in Splunk Web,
those values take precedence, and any wildcards you specify in this setting are lost.
* No default.
... View more