In practice this is rarely ever done (right).

Row-level permissions are possible, but it can get more complicated when certain users are only allowed to change a certain row in a certain kind of way but not in another.

I agree, but it does seem to become more compelling if you're doing your integration in the database.