This information_schema view (my bold)
Returns one row for each table privilege that is granted to or granted by the current user in the current database.
This doesn't take into account roles etc: it all works on DATABASE_PRINCIPAL_ID
which can be seen if you look at the definition of INFORMATION_SCHEMA.TABLE_PRIVILEGES
Personally, I'd just use sys.database_permissions and not bother with the information_schema rubbish. This relies solely on Meta data visibility to filter rows, so you'll see the actual permissions unfiltered by the INFORMATION_SCHEMA.TABLE_PRIVILEGES view which adds a further filter that bollixes you.
For completeness, here is the view. Note the implicit "old style" JOIN :-)
CREATE VIEW INFORMATION_SCHEMA.TABLE_PRIVILEGES
AS
SELECT
USER_NAME(p.grantor_principal_id) AS GRANTOR,
USER_NAME(p.grantee_principal_id) AS GRANTEE,
DB_NAME() AS TABLE_CATALOG,
SCHEMA_NAME(o.schema_id) AS TABLE_SCHEMA,
o.name AS TABLE_NAME,
convert(varchar(10), CASE p.type
WHEN 'RF' THEN 'REFERENCES'
WHEN 'SL' THEN 'SELECT'
WHEN 'IN' THEN 'INSERT'
WHEN 'DL' THEN 'DELETE'
WHEN 'UP' THEN 'UPDATE'
END) AS PRIVILEGE_TYPE,
convert(varchar(3), CASE p.state
WHEN 'G' THEN 'NO'
WHEN 'W' THEN 'YES'
END) AS IS_GRANTABLE
FROM
sys.objects o,
sys.database_permissions p
WHERE
o.type IN ('U', 'V')
AND p.class = 1
AND p.major_id = o.object_id
AND p.minor_id = 0 -- all columns
AND p.type IN ('RF','IN','SL','UP','DL')
AND p.state IN ('W','G')
AND (p.grantee_principal_id = 0
OR p.grantee_principal_id = DATABASE_PRINCIPAL_ID()
OR p.grantor_principal_id = DATABASE_PRINCIPAL_ID())
Not really anything obvious.
The easiest would be if you have a backup you could restore to view it.
Otherwise you'll properly try - either yourself, daunting, or via commercial tools to find a tool that lets you explore the transaction log for the given changes.
For example something like: http://www.apexsql.com/sql_tools_log.aspx
I've not tried out such tools myself so I cannot vouch for them.
I usually get by either by having backups to search, or in some cases, I've set up change tables to log changes to critical data.
Best Answer
The Snapshot Agent process account used to connect to the Distributor must be db_owner in the distribution database and have read, write, and modify permissions on the snapshot share. The account used to connect to the Publisher must be db_owner in the publication database.
The Log Reader Agent process account used to connect to the Distributor must be db_owner in the distribution database. The account used to connect to the Publisher must be db_owner in the publication database.
The permissions required by the Distribution Agent process account depend on whether you are using push or pull subscriptions.
For push subscriptions, the Distribution Agent process account used to connect to the Distributor must be db_owner in the distribution database, be a member of the PAL, and have read permissions on the snapshot share. The account used to connect to the Subscriber must be db_owner in the subscription database.
For pull subscriptions, the Distribution Agent process account used to connect to the Subscriber must be db_owner in the subscription database. The account used to connect to the Distributor must be a member of the PAL and have read permissions on the snapshot share.
The is all covered in the section Permissions That Are Required by Agents in Replication Agent Security Model.