Rikard Pavelic <rikard.pavelic@xxxxxxxxxxx> writes: > Is this a bug or something? No, it's operating as designed. Per the GRANT reference page: : Depending on the type of object, the initial default privileges may : include granting some privileges to PUBLIC. The default is no public : access for tables, schemas, and tablespaces; CONNECT privilege and TEMP : table creation privilege for databases; EXECUTE privilege for functions; : and USAGE privilege for languages. The object owner may of course revoke : these privileges. (For maximum security, issue the REVOKE in the same : transaction that creates the object; then there is no window in which : another user may use the object.) You'll need to revoke the default public EXECUTE privilege on any functions you don't want to be callable. regards, tom lane
