Skip to main content

Simply update the use statement with your database name and run the query, it will show you all your denies on database objects and to what role and user they are denied.

-- Find Deny permissions on database objects
--
-- Simply update the use statement with your database name and run the query, it
-- will show you all your denies on database objects and to what role and user they
-- are denied.

use <database_name>;

select l.name as grantee_name,
    p.state_desc,
    p.permission_name,
    o.name
from sys.database_permissions as p
join sys.database_principals as l
    on p.grantee_principal_id = l.principal_id
join sys.sysobjects o
    on p.major_id = o.id
where p.state_desc ='DENY';