Do I need to expose "security definer" Functions in Row Level Security Policies?

PostgREST supports 2 config parameters:

• Exposed Schemas
• Extra Search Path

You do not need to add your "security definer" Functions to either of these if you are using them in your Policies.

PostgREST doesn’t need to know about this function on extra search path or exposed schemas, as long as you explicitly use the schema inside RLS (eg: security.rls_func).