Restricting insert/update/delete/alter table operation on table owned by that user himself

I want to convert an existing oracle user into read-only user. For that I have given only create session privilege to that user, then also he can perform insert/update/delete/alter table operation on tables owned by himself.

Please suggest me any method to covert user into read-only user.