I find it strange that in today's day and age individual logins are being created. We used to do it ourselves, when we were in Sybase.

The easiest way to get around dealing with creating each user is to attach security to Active Directory groups. Since there's more to security than DB security, by having the users setup in AD groups, the UI security can also take that information and use it to display application options.

It's a great idea to keep the information in tables and run the scripts to provide the appropriate rights. By having AD groups, the inserts/updates to those tables will be rare and the scripts will run quicker as well. On the other hand, since there will be so little changes, the tables would not be necessary and scripts can be created with the SQL needed and will be updated once in a blue to add the new AD group that needed some specific rights.