You are correct about the SA access within a sproc...I only used it as an example as I didn't want to have to explain the whole security model I was looking for. 🙂

In the tests I've done, using the EXECUTE AS option within the sproc requires that the person calling the sproc has impersonation rights to that login...which I don't want them to have.