you create multiple roles which contain the permissions you want to be able to assign;

adding a user and granting permissions are a three part process.

first you really needed to already have a ROLE in your specific database that has the permissions you want to give access to;

users are also a per-database object, that are tied to a login, so to do the same to a second database, you repeat the same steps(except if the login exists)

here's an example of creating a role,and giving that role Read access to the tables, and also execute permission to stored procs and functions you created in that specific database.

In your Case, I imagine you want to Create a Role that has permissions to very specific objects, but we'll wait to see if you need to provide more details.

USE [SandBox] --my db for users to do stuff.

CREATE ROLE [ReallyReadOnly]

--give my new role READ permission to ALL tables

EXEC sp_addrolemember N'db_datareader', N'ReallyReadOnly'

--explicitly DENY access to writing

EXEC sp_addrolemember N'DB_DenyDataWriter', N'ReallyReadOnly'

--give my new role permission to run the procedures you've created

GRANT EXECUTE TO [ReallyReadOnly]

now that the role is created, we can add a LOGIN to the master database

IF NOT EXISTS (SELECT * FROM MASTER.dbo.syslogins WHERE name = N'bob')

BEGIN

EXEC MASTER.dbo.sp_addlogin @loginame = N'bob', @passwd = 'NotARealPassword', @defdb = N'SandBox', @deflanguage = N'us_english'

END

now that a LOGIN exists, lets add a USER, tied to that login, to our database

--make a user in the db for the matching login

CREATE USER [bob] FOR LOGIN [bob]

finally, add our user bob to the role we created

EXEC sp_addrolemember N'ReallyReadOnly', N'bob'

Here's an example for a couple of specific tables:

Exec sp_addrole 'MyRole'

GRANT SELECT ON MyTable TO MyRole

GRANT SELECT ON MyTable2 TO MyRole

GRANT INSERT, UPDATE, DELETE ON MyTable2 TO MyRole

EXEC sp_grantdbaccess 'Corporate\JeffL', 'Jeff'

EXEC sp_addrolemember 'MyRole', 'Jeff'