By "ambiguous" I mean that I don't want to have explicit column names in the stored proc. Because the tables can vary by client, I don't want to code the sproc with explicit columns. Basically, I use OPENXML for inbound and FOR XML AUTO for outbound. The selects are simple, but inserts and updates require run-time discovery of columns in order to create valid sql statements.

The end result is that I need to execute dynamic sql against tables, and I'd prefer not to leave the tables exposed except through these stored procedures. But since executing dynamic sql, even in the context of a stored procedure, requires explicit permissions, I'm stuck leaving the underlying tables exposed to the role all the time.