1. create a login, preferably one that uses Windows authentication

2. create a database user by granting database access to the login

3. give the user SELECT permission to the objects you want the user to       access or add the user as a member of the db_datareader fixed database role if you want the user to access all tables in a database

You can do all of this in Enterprise Manager or use system stored procedures:

sp_grantlogin, sp_grantdbaccess.

By the way, you'll get more responses if you post in the SECURITY forum rather than this one, which is a testing forum.

Greg