root is a group. Are the files in question all accessible by that group?
What you really want is something akin to
sudo,
SUDO in HP UX : A small presentation | SYSADMINSHARE.
Then simply write a script that does precisely what is requested, and only that, then create an account that cannot do much else except login and run
sudo /path/to/myscript
This way you can control what they are doing, reading only the filelystem in question and not using the root group - which has privilege.
The downside is you will have to install sudo. First. See if it looks like you can use it and are allowed to install it.
Plan B would be to create a chroot jail for that account. And only allow visibility to the mountpoint of that filesystem with readonly access. You will have to supply local copies of whatever commands you/they include in the scanning script. And not allow any write access the script. Ownership has to be other than the account you create.