I would build a list of actions or reports that you want
your end users to run. Then build a list of objects that
you want to allow them to run these against. This way you
can give them a listing of stuff they can access and what
they can do to it.
Now you'll be able to tune the SQL to run the way you want
and users are limited in the damage they can do.
The original point of SQL was to provide this exact service.
Use simple words to ask questions and get results:
SELECT EMPLOYEE, PHONE_EXT FROM PHONE_LIST WHERE EMPLOYEE = 'PERL HACKER';
Oracle has developed a tool called WebDB that will do
something similar to what you're asking for. Its main
target is workgroups that want to point and click write
their own queries and reports and publish them on the web
without having to actually code anything. (or maybe that's
just the best use I've found for it :) You can read more
about it and download a free trial over on the Oracle
Technet site.
Good luck. I'd be very interested to see what solution
you come up with for this.
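
The approach described in the post above (a fixed list of reports, each tied to the objects it may run against), as an added example that is not part of the original post. The catalogue entries, the `run_report` and `menu` helpers, the `SALARY` table and the sample rows are assumptions constructed for illustration; SQLite stands in for the real database.

```python
import sqlite3

# Hypothetical catalogue: each (action, object) pair offered to users maps to
# SQL text written and tuned by the developer. User input is only ever bound
# as a value, never spliced into the statement.
ALLOWED = {
    ("lookup_extension", "PHONE_LIST"):
        "SELECT EMPLOYEE, PHONE_EXT FROM PHONE_LIST WHERE EMPLOYEE = ?",
    ("list_all", "PHONE_LIST"):
        "SELECT EMPLOYEE, PHONE_EXT FROM PHONE_LIST ORDER BY EMPLOYEE",
}

def menu():
    """Listing shown to the end user: what they can access and what they can do to it."""
    return sorted(ALLOWED)

def run_report(conn, action, obj, params=()):
    """Run a catalogued report; any other action/object pairing is refused."""
    sql = ALLOWED.get((action, obj))
    if sql is None:
        raise PermissionError(f"{action!r} on {obj!r} is not an offered report")
    if sql.count("?") != len(params):
        raise ValueError("wrong number of parameters for this report")
    return conn.execute(sql, tuple(params)).fetchall()

def demo_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PHONE_LIST (EMPLOYEE TEXT, PHONE_EXT TEXT)")
    conn.execute("CREATE TABLE SALARY (EMPLOYEE TEXT, AMOUNT INTEGER)")
    conn.executemany("INSERT INTO PHONE_LIST VALUES (?, ?)",
                     [("PERL HACKER", "1234"), ("DB ADMIN", "5678")])
    conn.execute("INSERT INTO SALARY VALUES ('PERL HACKER', 100)")
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(menu())
    print(run_report(conn, "lookup_extension", "PHONE_LIST", ["PERL HACKER"]))
    try:
        run_report(conn, "list_all", "SALARY")   # table exists, but is not offered
    except PermissionError as err:
        print("refused:", err)
```

Because the user supplies only a menu choice and bound values, a value containing quotes is compared as a literal name and tables outside the catalogue stay unreachable from this interface.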