Please help regarding access permissions in stand-alone DB


I am a Support Engineer and have had one of my clients ask me

Why would there be negative access rights in a stand-alone database?

I have a very limited understanding of SQL and my DBA is on extended leave so I am hoping I can get an answer from here. It is my understanding that negative access rights are created when the Deny command is used for a users access permission within SQL and that best practice is to use the revoke command to remove the negative permission entries but there has not been any DB administration performed so what else could cause this issue?

Many thanks in advance


Can anyone offer any help?

I am not clear on the problem you are facing. Do you see that there are DENY permissions applied on the database objects? From a user's perspective, when they are not able to access a database object, they wouldn't know whether it is because there is a DENY or whether they don't have access permissions.

First look at the login the client is using in SSMS object explorer. You can see this under the Server -> Security -> Logins node. If you right click on the login, you can see what permissions and roles they have.

Also, if you suspect there are denies on one or more objects, check which groups and roles have permissions denied on that object.