Finding Denied permission

Last week, apparently I messed up revoking some permission and ended up denying it instead so this week, I’m having to go find which user has denied permission when it should of been revoke.  The following query got me thru it:

SELECT  USER_NAME(grantee_principal_id) AS ‘User’
, state_desc AS ‘Permission’
, permission_name AS ‘Action’
, CASE class
WHEN 0 THEN ‘Database::’ + DB_NAME()
WHEN 3 THEN ‘Schema::’ + SCHEMA_NAME(major_id)
END AS ‘Securable’
FROM    sys.database_permissions dp
WHERE   class IN ( 0, 1, 3 )
AND minor_id = 0
AND state_desc = ‘deny’