Rows aren't MSSS securables which could be arguments of GRANT /REVOKE privileges. So you need your own dictionary or whatever storage to keep, grant, revoke privileges you need. So you can use any of MSSS users, or logins, or your own identities of your dictionary as principials of the projected security system.