1. create a login, preferably one that uses Windows authentication
2. create a database user by granting database access to the login
3. give the user SELECT permission to the objects you want the user to access or add the user as a member of the db_datareader fixed database role if you want the user to access all tables in a database
You can do all of this in Enterprise Manager or use system stored procedures:
By the way, you'll get more responses if you post in the SECURITY forum rather than this one, which is a testing forum.