If the operator is NOT a master operator, then there are other built in permissions you can use for that operator to make them “read only”.
If the operator is a “master operator” then there is something called “4 eyes authentication” for the windows console that you can enable. It is very clumsy to use it for it’s intended purpose, BUT you can use it to create a “read only” operator by requiring that operator have 4 eyes authentication, but then place NO operators in the approvers group for that operator. This means the operator would be disabled from doing anything that would normally require an approver to approve.
You can also allow access to Web Reports, which is always a read only interface for BigFix, and much lighter weight on the system than the console. This is definitely the best option to start with.