Hi Pratik,
I don't know from where you heard that restricted user can make changes in the database.
When you create Restricted User, it does not get any predefined roles not even PUBLIC role and can connect to HANA only via HTTP/HTTPS.
Restricted User can't perform anything, he can not even create objects in its own schema.
Whatever authorizations you give him that will only work.
For your requirement, You can create a restricted User and just give him access to Views that are used by your App and that should be enough.
Additionally, you can check my blog:
HANA Security: Creating End Users with minimal rights
For more details on restricted user, read HANA Security Guide:
User Types - SAP HANA Security Guide - SAP Library
Regards,
Vivek