It's simple really in that Securables can be manually editted for that user, unfortunately there are a large number of procedures potentially required - in fact it is a 3rd party product so we won't have a full list of required procedures until we've run the process repeatedly weeding out each issue as it arises.
The answer :
select 'Grant Execute on ' + name + ' to "username"'This works nicely by outputting a full list of statements that can be copied from the output and executed in the query window in SSMS. The important feature here is the username - this is the full username ie if you are using Windows accounts it will be DOMAIN\user enclosed in the shown speech marks to ensure spaces are handled properly.
from sysobjects where xtype in ('P')