There are two aspects to this. One relates to changing things on the database, the other to running queries on the database.
You can constrain the user from doing anything damaging on the database as follow. You should create a Spotlight user with minimal database privileges. In Spotlight's Oracle User Wizard dialog, uncheck the fields Select any table and Alter system when creating a new user. This will prevent the resulting Spotlight user from doing things like killing sessions. It will essentially create a read-only environment, in the sense that the user will not be able to perform DBA-functions on the database.