Users are also granted specific permissions on SQL Server, so if you go to some pages you can get an error message[1] because the current user doesn't have sufficient permissions on a particular table in SQL Server.
In a well-written application it shouldn't be possible for a user to get to a page where they don't have permission to access its contents. On the other hand, security at the SQL layer can provide a good second level of protection, particularly if the security at the web code level is poor.
Security is one of those things that you should work to make as simple as it can be and still do what you need it to. The simpler the system, the easier it is to understand, find loopholes, and use correctly.
Without knowing more about how your system integrates with AD, I can't say much more. Doing security at the per-user/per-table level sounds excessive for most systems, though.
Jay