A Domain Windows Account has rights execute a Scalar Value Function that it not should. The Domain Windows Account is member of Domain Windows Group called VBAS_GVerkstad, thatâ€™s maps to SQL Server Login and the Database User in the database. Itâ€™s the same name for AD Group, Login and User. I have also check User is part of role GVerkstad, â€œPublicâ€.I understand the db user or database role can get associated permissions at the following levels, the Server Level, Database Level, Schema Level, Database Role level, Application Role level or object level.I have tried to check these different levels to find out where the exec permission comes from. I understand that I can use sys.database_permission to get a listing of the permissions. But Iâ€™m really not able to find the spot or spots that gives the permission.