Create a extended event to capture permission denied messages
CREATE EVENT SESSION [PermissionDenied] ON SERVER
ADD EVENT sqlserver.error_reported(
ACTION(sqlserver.client_app_name,sqlserver.client_connection_id,sqlserver.database_name,sqlserver.nt_username,sqlserver.sql_text,sqlserver.username)
WHERE ([sqlserver].[like_i_sql_unicode_string]([message],N'%permission%') OR [sqlserver].[like_i_sql_unicode_string]([message],N'%denied%')))
ADD TARGET package0.event_file(SET filename=N'PermissionDenied',max_file_size=(250),max_rollover_files=(2))
WITH (MAX_MEMORY=4096 KB,EVENT_RETENTION_MODE=ALLOW_SINGLE_EVENT_LOSS,MAX_DISPATCH_LATENCY=30 SECONDS,MAX_EVENT_SIZE=0 KB,MEMORY_PARTITION_MODE=NONE,TRACK_CAUSALITY=ON,STARTUP_STATE=ON)
GO
ALTER EVENT SESSION [PermissionDenied] ON SERVER STATE = START; -- STOP;
GO