When you use EXECUTE AS, you impersonate a database user, not a server login and you are sandboxed inside your database. You can break out of the sandbox - and open a security hole while you are it.

I have a longer article on my web site that discusses various techniques to grant permissions through stored procedures, and it includes two examples of how to solve exactly this problem, see http://www.sommarskog.se/grantperm.html