When trying to create a Read only account (Priv Level 5), and logging into the ASDM using your readonly account you receive the following error,

you do not have sufficient privileges to execute commands required to load asdm

Solution

This is due to the privilege levels not being configured correctly. The following will give you the following 2 accounts,

Monitor-Only - Privilege level 3
Read-Only - Privilege level 5

1. Set your AAA settings (be careful adjusting the AAA settings already in place as this could lock you out of the firewall !), and also remember that if you set the AAA authorization command this will enforce all privilege levels.

aaa authentication ssh console LOCAL
aaa authorization command LOCAL

2. Set your privilege level settings,

privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command uauth
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server

privilege show level 5 mode exec command running-config
privilege show level 5 mode configure command privilege
privilege cmd level 5 mode route-map command set
privilege cmd level 5 mode mpf-policy-map-class command set

3. Configure your accounts,

username fullaccess password abc123 privilege 15
username readonly password abc123 privilege 5
username monitor password abc123 privilege 3

Additional Notes

By default the ASDM will only honor 3 different levels, priv 3(read only), priv 5(monitor), priv15(admin).
For WebVPN configuration like bookmarks, smart-tunnels or portal customization, the ASDM loads the xml file and that functionality is pre-defined for privilege 15 users and it's something we cannot change. We would need to use a privilege 15 for this changes.