Usually security is a user-group-role kind of thing.
If you base your database security on individual credentials, you'll be chasing it forever.
Another approach is to GRANT appropriate permissions to roles (e.g., anonymous, admin, user). Create groups and assign one or more roles to each group. Add individuals to groups and you're all set. This solution assumes that individuals come and go, but groups and roles change more slowly. You can make addition to or removal from a group a request that requires some approval, but your app doesn't have to keep changing that way.
Security is authentication and authorization; both are cross-cutting concerns. I hope you're thinking about security in an aspect-oriented way.
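The role/group/individual layering described above, sketched for PostgreSQL as an added example that is not part of the original answer. The schema, table, role, group and user names are all hypothetical, and authentication setup (passwords, `pg_hba.conf`) is left out.

```sql
-- PostgreSQL. All names below are hypothetical, chosen for illustration.
CREATE SCHEMA shop;
CREATE TABLE shop.orders (
    id       bigint  PRIMARY KEY,
    customer text    NOT NULL,
    total    numeric NOT NULL
);

-- 1. Roles carry the privileges. NOLOGIN: nobody connects as a role directly.
CREATE ROLE role_anonymous NOLOGIN;
CREATE ROLE role_user      NOLOGIN;
CREATE ROLE role_admin     NOLOGIN;

GRANT USAGE ON SCHEMA shop TO role_anonymous, role_user, role_admin;
GRANT SELECT (id, total)       ON shop.orders TO role_anonymous; -- no customer column
GRANT SELECT, INSERT, UPDATE   ON shop.orders TO role_user;
GRANT ALL                      ON shop.orders TO role_admin;

-- 2. Groups bundle one or more roles and hold no table privileges themselves.
CREATE ROLE grp_support NOLOGIN;
CREATE ROLE grp_ops     NOLOGIN;
GRANT role_user             TO grp_support;
GRANT role_user, role_admin TO grp_ops;

-- 3. Individuals get a login and group membership, never a direct table GRANT.
CREATE ROLE alice LOGIN;
CREATE ROLE bob   LOGIN;
GRANT grp_support TO alice;
GRANT grp_ops     TO bob;

-- Someone leaves: only membership changes; roles, groups and the app stay as-is.
REVOKE grp_ops FROM bob;
DROP ROLE bob;

-- Audit: every role or group each login inherits, directly or transitively.
WITH RECURSIVE m AS (
    SELECT member, roleid FROM pg_auth_members
    UNION
    SELECT m.member, am.roleid
    FROM m JOIN pg_auth_members am ON am.member = m.roleid
)
SELECT u.rolname AS login, r.rolname AS inherits
FROM m
JOIN pg_roles u ON u.oid = m.member
JOIN pg_roles r ON r.oid = m.roleid
WHERE u.rolcanlogin
ORDER BY login, inherits;
```

The audit query gives an approver a single list to review when a group-membership request comes in.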