Thanks EdVassie, but that does not really address the issue. I don't have a problem with internal SQL security on objects.
The issue is the delegated permission from Active Directory. I want to know the DOMAIN\SecurityGroup with which the DOMAIN\User has gained access to the database. As a work around I have a mapping table in my database that maps Active Directory users to their groups. This can be handled by .NET in the front end, but I won't even mention the legacy platform I'm working with here.
If I know the DOMAIN\SecurityGroup, which I have used for login and object permissions, then I can query sp_helprotect and determine what permissions the current user has on the object, and hence what controls to enable. Otherwise I would have to wait for a fail on commit, which would be annoying for the user as they would not know until the end of a process whether it will succeed.