Having said that ----
This works - d/k if it does exactly what you want:
DECLARE @command nvarchar(100)
DECLARE @par nvarchar(100)
DECLARE @user nvarchar(100)
DECLARE @commandString nvarchar(400)
SET @command = 'GRANT VIEW DEFINITION'
SET @par = '''P'',''U'''
SET @user = 'guest'
CREATE TABLE #tmptab (Kju varchar(max));
SET @commandString =
'INSERT INTO #tmpTab SELECT ''' +@command + ' '' + SCHEMA_NAME(schema_id) + ''.'' + [name] + '' TO ' +@user+
''' FROM sys.objects
WHERE [type] IN ( '+@par+' ) AND is_ms_shipped = 0;'
PRINT @commandString
EXEC sp_executesql @commandstring
By the way, I wouldn't call the sp 'Permissions', as SQL is colouring it, so it may cause a problem. Best to call it something distinctive & unique.
MS also recommend using the schema names too e.g. EXEC dbo.xxxxxxxxxxxx