While working on an enterprise customer site the SQL Server security configuration required the principle of least privileges. You can of course go down the rocky road of trial and error however the SQL 2014 Database Engine Permission Poster was invaluable in applying the correct configuration.
In my case the Database Permissions – Schema Objects section was particularly useful. Some DB schema required a higher elevation of permissions than standard CRUD particularly regarding changing object ownership. I had ensured that the application database objects were organized into specific database schemas depending on the application functional area; those database schemas worked a treat for permissions configuration inheritance. BTW I would strongly recommend assigning permissions to database roles rather than directly to AD groups. The combination of using the DB engine permissions poster as a guide plus configuring database roles made for swifter User Acceptance Testing!