It could be hard to find the information about user rights on a Cisco ASA device.
Start the ASDM of the Cisco asa
Enable Server group ( LOCAL )
Set the ASDM Defined User Roles.
Enable the Perform authorization for exec shell access > to Local Server
Give the user an username and a password.
Go to Access Restriction. You could now choose which Privilege level the user could get.
Select 5 (Read Only)
After this click on OKE and save the configuration of the ASA. Next time that the user with the read only rights logon to the device. The user can only read the configuration and not change it anything.