select any table and create session are all that are needed for a read only user.
query
dba_tab_privs
dba_sys_privs
for individual privs granted to a user.
query
dba_role_privs - for roles granted to user.
role_sys_privs - sys privs granted to a role
role_tab_privs - tab privs granted to a role
role_role_privs - roles granted to other roles.
This should help you figure out what role/privs a user has.
revoke those he/she doesn't need.
[Edited by Sureshy on 05-31-2002 at 09:30 AM]
Once you have eliminated all of the impossible,
whatever remains however improbable,
must be true.