Just something I was considering, didn't know if it would be a waste of time or if anyone else is doing it.
I normally have a single database user account for a web-based applications. I normally implement security through username/password/seesion states with each user record also having a unique id and a security level. Throughout the application, I am verifying whether or not a user should be allowed to do certain functions based on id and security level.
I am condiering taking that one step further and adding multiple database users and groups. During the sign-up process, a CREATE and GRANT statement would be run to add a database user and make them a member of a certain group with certain privalages. The database connection string would be dynamic and use the username and password supplied by the logged in user.
I see benifits in having this: added layer of security, more flexibility in triggers and other database programming, and smoother developemnt into outside applications (wireless, remote client-side, or direct database access).
I also see drawbacks, namely more complications in development and debugging.