thx all. the reality is that with self service bi, people are going to get access to tables and views.
its funny because column level security is so much easier in tabular cubes. But i cant justify taking our org in that direction for just this reason.
i think i like the "sensitive" table approach. I can put as many layers of security as i want on something like that. one of our cm guys even wants a separate account for accessing this part of the system. And a separate ssrs shared data source. and a separate ssrs folder. I'm guessing he wants pinch points where he can shut down misuse more easily. sounds a bit like overkill but not worth debating in my mind.
I'm guessing that erland says i might regret the grant approach because maintaining such a thing could get unwieldy.