DDL Triggers can help you.
---------------------------------------------------------------------
Create Trigger Deny_db_datareader
on Database
for ADD_ROLE_MEMBER
as
begin
SELECT 1 where EVENTDATA().value
('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]','nvarchar(max)') Like '%sp_addrolemember%db_datareader%'
If @@ROWCOUNT <> 0
Begin
Print 'Add Rolemember being called in this database.'
ROLLBACK
End
Print 'No Issues.'
end
---------------------------------------------------------------------------------------------
Better try this in non-prod environment.