Thursday, October 29, 2015

The SELECT permission was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'.

Question: What am I doing wrong, and why am I getting the error message above when trying to list my database's tables?

Answer: Are you ready for the simplest explanation ever? :)

The reason is that -most probably- (hey, you never know) you are using a SQL Server login that has conflicting permissions.

More specifically: the login with which you are connected to the SQL Server instance has the db_denydatareader database role assigned. This means that whatever other database roles the login has, even db_owner, db_denydatareader will conflict with them, because a deny takes precedence over a grant, and will block access to certain resources of the database.

How to fix that: If it is OK with your security requirements, remove the db_denydatareader role from the login. After that, you will be able to access the mapped database (provided, of course, that the rest of the required permissions are in place).

Similarly, keep in mind that you get the same behavior if you have write access to the database but also have the db_denydatawriter database role assigned to the login.

In general, be careful with the database roles you assign to any login and avoid granting conflicting access.
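To find the conflict described above, the following T-SQL (an added example, not part of the original post) lists every database principal that holds a deny role together with a role that grants the same kind of access, then removes the deny role and confirms the change. The user name `app_user` is a placeholder; run the script in the affected database.

```sql
-- Added example. Run in the database that raises the error.
-- Step 1: list principals that hold a deny role AND a role granting the same access.
-- Only direct role membership is checked; membership inherited through a
-- custom role or a Windows group has to be traced separately.
SELECT  m.name      AS member_name,
        m.type_desc AS member_type,
        d.name      AS deny_role,
        g.name      AS conflicting_grant_role
FROM    sys.database_role_members AS dm
JOIN    sys.database_principals   AS d  ON d.principal_id = dm.role_principal_id
JOIN    sys.database_principals   AS m  ON m.principal_id = dm.member_principal_id
JOIN    sys.database_role_members AS gm ON gm.member_principal_id = m.principal_id
JOIN    sys.database_principals   AS g  ON g.principal_id = gm.role_principal_id
WHERE  (d.name = N'db_denydatareader'
        AND g.name IN (N'db_datareader', N'db_owner'))
   OR  (d.name = N'db_denydatawriter'
        AND g.name IN (N'db_datawriter', N'db_owner'))
ORDER BY m.name, d.name;

-- Step 2: if your security requirements allow it, drop the deny role.
-- [app_user] is a placeholder for a member_name returned by step 1.
ALTER ROLE db_denydatareader DROP MEMBER [app_user];

-- Step 3: confirm the membership is gone (0 = not a member, 1 = member).
SELECT IS_ROLEMEMBER(N'db_denydatareader', N'app_user') AS still_denied;
```

An empty result from step 1 means no principal is directly in both a deny role and a matching grant role, so the denial comes from somewhere else, such as an explicit DENY or inherited membership.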


Artemakis Artemiou [MVP]

Author & Editor

Artemakis Artemiou is a Senior SQL Server Architect, Software Developer and Microsoft Data Platform MVP. He is also an author, regular blogger, president of Cyprus.NET User Group and CY Country leader of INETA-EU. He is also the creator of DBA Security Advisor and In-Memory OLTP Simulator. Artemakis is a frequent guest author of worldwide well-respected online journals where he writes articles focusing on many SQL Server topics.

Reference: The SQL Server and .NET Hub (