Ok, I finally got the company working towards having a new log in for our app that will only have the exec rights of the Stored Procs the app uses. The problem is we came up with an issue using dynamic sql. Seems that SQL2k wants to have select rights to the table you are using to select from when generating a dynamic string within the stored procedure:
declare @test varchar(100)
set @test = 'Select * from table'
--exec sp_executesql @test
Both exec statements want to have select rights to the table. Is there a way around this or am I screwed and have to rewrite these stored procs so that it doesn't use dynamic sql?