Allowing a user only to run the existing notebooks and that's it

Hello. I’m using JupyterHub as a way to present my portfolio. So I will share links to my notebooks to interested people with the username and password and ask them to run the code I wrote. So ideally I want them only to be able to run the code and that’s it, not to modify notebooks or create any of their own, and not to navigate to some folders where I keep sensitive data (like passwords to Amazon S3, etc).

I can’t figure out how to do it. I know how to make notebook readonly or make a cell not editable, or make home directory read only( to prevent creating new notebooks) but even with these tricks implemented a user can still create a new cell (even without saving it) and run whatever code he wants or enter a terminal through jupyter and potentially remove all the limitations which I set and access files with sensitive data. Is there any way prevent this? Like I said ideally I want users only to run the existing code and that’s it.