How to create a read-only MySQL user?

First, login as a MySQL administrator from your terminal / command prompt using the following command:

mysql -u root -p

You’ll prompted to enter the password. Type the password for the root account.

Create a new MySQL user account.

CREATE USER 'report'@'%' IDENTIFIED BY 'secret';

The % in the command above means that user report can be used to connect from any host. You can limit the access by defining the host from where the user can connect. Omitting this information will only allow the user to connect from the same machine.

Grant the SELECT privilege to user.

GRANT SELECT ON database_name.* TO 'report'@'%';

This command gives the user read-only access to the database from the local host only. If you know the host name or IP address of the host that the collector is will be installed on, type the following command:

GRANT SELECT ON database_name.* TO 'report'@'host_name or IP_address';

Execute the following command to make the privilege changes saved and take effect.

FLUSH PRIVILEGES;
SHOW GRANTS FOR 'report'@'host_name or IP_address';

Type quit. Finally, show the granted privileges of user to verify

Note for MySQL 8 it’s different

You need to do it step by step, in two steps:

CREATE USER 'readonly_user'@'localhost' IDENTIFIED BY 'some_strong_password';
GRANT SELECT, SHOW VIEW ON *.* TO 'readonly_user'@'localhost';
FLUSH PRIVILEGES;

Additional Read only Permissions are

SHOW VIEW : allows them to show view schema.
SHOW DATABASES : allows them to show databases.
REPLICATION CLIENT : allows them to check replication/slave status. But need to give permission on all DB.
PROCESS : allows them to check running process. Will work with all DB only

Various permissions that you can grant to a user are

ALL: This would allow a MySQL user all access
ALL PRIVILEGES : This would allow a MySQL user all access 
CREATE : allows them to create new tables or databases
DROP : allows them to them to delete tables or databases
DELETE : allows them to delete rows from tables
INSERT : allows them to insert rows into tables
SELECT : allows them to use the Select command to read through databases
SHOW VIEW : allows them to show view schema.
REPLICATION CLIENT : allows them to check replication/slave status. But need to give permission on all DB.
PROCESS : allows them to check running process. Will work with all DB only
UPDATE : allow them to update table rows
GRANT OPTION : allows them to grant or remove other users' privileges

To provide a specific user with a permission, you can use this framework:

GRANT [type of permission list separed by comma] ON [database name].[table name] TO ‘[username]’@'[hostname]’;

In bonus, To Revoke one or more privileges

REVOKE [type of permission list separed by comma] ON [database name].[table name] FROM ‘[username]’@'[hostname]’[, user2];

Example

REVOKE SELECT, SHOW VIEW, UPDATE ON mydatabase.* FROM report@localhost;

revoke all privileges:

REVOKE ALL, GRANT OPTION FROM report@'%';

In bonus, To drop a user

DROP USER [IF EXISTS] user [, user];

Example

DROP USER 'report'@'localhost'
or
DROP USER 'report'

The host name part of the account name, if omitted, defaults to '%'.

follow this link for the full GRANT statement

MySQL :: MySQL 5.7 Reference Manual :: 13.7.1.4 GRANT Statement