I Guess sort of hoping for a matrix of basic objects and permissions (Assuming no custom code), e.g.
alter table, schema -> Required for CI or Staging
Analytics_HourHits -> SELECT, INSERT (if using analytics)
CMS_LicenseKey -> SELECT
CMS_Tree -> SELECT (UPDATE, DELETE for Staging, CI)
CMS_User -> SELECT, UPDATE (If using auth)
Just a rough idea, even if it was list of know exclusions, its just without digging into code its difficult to know what can be restricted. e.g. I assume for the Live site execpt for staging you would only need SELECT on CMS_Tree etc..
Also doesn't CI and staging run through the Admin site, so that could be a different user?