Short answer: Yes. But, you do it behind the scenes by limiting Oracle access..
- Give each user who will be writing UBEs a new (second) user ID; <user>-R for instance.
- Assign to these users an Oracle user that has only read access to the business data. (Write access will be needed to other areas since the process updates central objects....)
- Grant RDA access to the *-R users.
That will control updates to business data. Now, if you really want to make sure that these users can't update data...
- Create row security on these users that allow them to create only versions that start (or end) with some character string "UR00000" through "URZZZZZ" for instance.
- Secure all other users so they can not run versions in the same range.
That should do it.