I have a user that is only assigned to the db role db_datareader and public. The user can see all the information_schema and sys views. As a test, I tried creating a separate role that denies view definition to the sys schema and removing the user from the db_datareader role, but the user can still see the views.
Any suggestions on how to deny view definition of the information_schema and sys views for a database?
The reason why I want to do this is because users do not want to see these extra views in their client applications when they are selecting user views/tables.
There does not seem to be a clear answer for this anywhere.