Restrict Variable Set precedence in Terraform Workspace



We are trying to facilitate end users with Workspaces that will have variable sets associated. for successful execution.
The problem is with the variable precedence, the end users could override values and possibly cause damages to the shared infrastructure resources that we are trying to protect. (ex: Subnets assigned)


Is there a way to restrict end user not override any values set in Variable set? (Settings / Sentinel / Run task)

If not, are there other ways we can enforce such protection without having to hardcode the values in Modules ?

Thanks !