Customer is using Oracle 9i with ASP web pages (not using app server)

Customer wants to minimize account management in database, so requirement is to have users log into webserver and webserver will perform all database access through single database account.

Their plan is to have a table in database with usernames and what ASP scripts they can execute. This will limit what users can do in database.

Since most of my experience is with client/server apps, I'm looking for what data access security methods people use for web apps looking at Oracle databases.