This seems backwards to me. When you build the user the first time, it should have no privs other than PUBLIC. Then grant individual privs. Better yet, make a DB role with the correct privs to the individual objects and then grant membership to that role.
You should also consider the idea of using Windows Authenticated Groups and Users.
--Jeff Moden
Change is inevitable... Change for the better is not.