Quote
... if I am logged in to the database as 'abcduser' then ...
Permit me to express some "surprise" at this.
In the vast majority of applications I've worked with, the application connects to the database using an "application" account that is centrally controlled and managed. I
do not allow individual users to connect to my databases! (OK, you have to Developers in, but end users? No way!)
At a stroke, this eliminates the vast majority of your permissions management headaches because you
only have to worry about your "application" accounts (and none for individual users).
OK, you still have to know who's connecting via your application, but that's just data in your own table and nothing to do with the database's security model at all.
Regards, Phill W.