you create multiple roles which contain the permissions you want to be able to assign;
adding a user and granting permissions are a three part process.
first you really needed to already have a ROLE in your specific database that has the permissions you want to give access to;
users are also a per-database object, that are tied to a login, so to do the same to a second database, you repeat the same steps(except if the login exists)
here's an example of creating a role,and giving that role Read access to the tables, and also execute permission to stored procs and functions you created in that specific database.
In your Case, I imagine you want to Create a Role that has permissions to very specific objects, but we'll wait to see if you need to provide more details.
USE [SandBox] --my db for users to do stuff.
CREATE ROLE [ReallyReadOnly]
--give my new role READ permission to ALL tables
EXEC sp_addrolemember N'db_datareader', N'ReallyReadOnly'
--explicitly DENY access to writing
EXEC sp_addrolemember N'DB_DenyDataWriter', N'ReallyReadOnly'
--give my new role permission to run the procedures you've created
GRANT EXECUTE TO [ReallyReadOnly]
now that the role is created, we can add a LOGIN to the master database
IF NOT EXISTS (SELECT * FROM MASTER.dbo.syslogins WHERE name = N'bob')
BEGIN
EXEC MASTER.dbo.sp_addlogin @loginame = N'bob', @passwd = 'NotARealPassword', @defdb = N'SandBox', @deflanguage = N'us_english'
END
now that a LOGIN exists, lets add a USER, tied to that login, to our database
--make a user in the db for the matching login
CREATE USER [bob] FOR LOGIN [bob]
finally, add our user bob to the role we created
EXEC sp_addrolemember N'ReallyReadOnly', N'bob'
Here's an example for a couple of specific tables:
Exec sp_addrole 'MyRole'
GRANT SELECT ON MyTable TO MyRole
GRANT SELECT ON MyTable2 TO MyRole
GRANT INSERT, UPDATE, DELETE ON MyTable2 TO MyRole
EXEC sp_grantdbaccess 'Corporate\JeffL', 'Jeff'
EXEC sp_addrolemember 'MyRole', 'Jeff'
Lowell