My original layout was to map useing ingroup and set permissions to that group rather than the user. Since we are looking at more of a group centric achitecture. I already have this method working.
BUT, just in case rights gets added by user in addition, what I wanted to do was truthfully resolver the rights and see if the user in question has 'print' level rights to the printer. I wanted to use that as the 'ultimate' mapping mechanism.