Without seeing the code, this is a guess....
If the user has exec rights on the procedure and the procedure is owned by the same principal as the tables, the user won't need update, insert or anything like that because of ownership chaining. Creating and dropping temp tables requires no permissions. Truncate table is likely the culprit (if done on a user table, not a temp table). Can you change that to delete instead?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability