diff --git a/manifests/init.pp b/manifests/init.pp
index 69e8db5f113ebeb628e9e751117b34b45079530b..81685dd2966cc34686cfa19811cabe3383f1520d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -10,6 +10,12 @@
 # [*mysql_backup_password*]
 #   The password for the user used for MySQL backups
 #
+# [*skadereg_ro_password*]
+#   The password used for the read-only user
+#
+# [*skadereg_ro_user*]
+#   The username used for the read-only user
+#
 # Authors
 # -------
 #
@@ -24,6 +30,8 @@
 class skadereg(
   String $mysql_password,
   String $mysql_backup_password,
+  String $skadereg_ro_password,
+  String $skadereg_ro_user = 'skadereg_ro',
 ){
   ::users::liu_user {
     'andal699':
@@ -147,14 +155,22 @@ class skadereg(
     subscribe   => Vcsrepo['/var/www/skadereg'],
   }
 
+  $db_name = 'homestead'
+
   class { '::mysql::server':
     root_password    => $mysql_password,
     databases        => {
-      'homestead' => {
+      $db_name => {
         ensure  => present,
         charset => 'utf8',
       },
     },
+    users            => {
+      "${skadereg_ro_user}@%" => {
+        ensure        => present,
+        password_hash => mysql_password($skadereg_ro_password),
+      },
+    },
     grants           => {
       'root@%/*.*' => {
         ensure     => present,
@@ -172,6 +188,15 @@ class skadereg(
     },
   }
 
+  ['entries', 'guardian_confirmations', 'users'].each |String $table| {
+    mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
+      ensure     => present,
+      privileges => ['SELECT'],
+      table      => "${db_name}.${table}",
+      user       => "${skadereg_ro_user}@%",
+    }
+  }
+
   class { '::mysql::server::backup':
     backupuser     => 'backupuser',
     backuppassword => $mysql_backup_password,