EXECUTE AS didnt seem to offer any kind of help. It seems to me that a person still needs the grant which overrides the credentials of the acct specified in the EXECUTE AS clause. Makes me wonder what the EXECUTE AS is for.

I'm thinking as a safeguard maybe some sort of naming convention that requires the the words READ and ONLY be in the proc name so dba can catch any attempt to put some sort of update etc in such a proc. Also, maybe a report for our auditors that identifies procs with these words in it that explicity contain any sort of update and/or execute another proc or udf.