I was setting up security for general users on a production Microsoft SQL database. The security configuration needed to allow the users to execute stored procedures called from a WPF application. Here are the steps I took using Windows Authentication.

1) At the database security level, I did not assign the users to any specific database roles, so the users, by default, were assigned to the public database role, which provides minimum permissions and privileges.

2) Granted Execute Permissions on the stored procedures:  Grant Exec On StoredProcedureName To User/AcitveDirectoryGroup  (We assigned the users to an Active Directory group).   Below is some sql code to simplify the process:

SELECT 'GRANT EXEC ON ' + name + ' TO ' + '[ ActiveDirectoryGroupName ]'
FROM sysobjects
WHERE type = 'P' AND category = 0 And name not Like 'sp_%'
Order By name

3) Deny view capabilities to the public role:

Use DatabaseName
GO
DENY VIEW DEFINITION TO public;  

Further Refinded:

DENY VIEW DEFINITION TO [ActiveDirectoryGroup]
GRANT VIEW DEFINITION TO [ActiveDirectoryGroup] 


I subsequently found other ways to grant Exec privileges through the creation of a db_executor role.

 a) Grant Exec at the database level through a db_executor role      
              
     CREATE ROLE db_executor
     GRANT EXECUTE TO db_executor   exec sp_addrolemember 'db_executor','YourUser'  
 
b)  Grant Exec at the schema level

       GRANT EXECUTE on schema::dbo TO db_executor