I understand the approach, but I don't understand the reasons for it.
Wouldn't it be a lot easier to just:
1. Create stored procedures for all data modifications;
2. Have checks for validity of any modification in those stored procedures, not in the web application (or at least not ONLY in the web application);
3. Make sure that these stored procedures have the same owner as the tables;
4. Deny all users all rights to all tables;
5. Grant execute rights on the stored procedures to the userids that need those rights.
This way, even if a hacker found his way into the database server, he'd still have no way to alter data. The only thing he could do is execute the stored procedures - and those will still perform all their checks before carrying out any modification.
Am I missing something?
Best, Hugo