How can I revoke execution of a PostgreSQL function?

All functions access is PUBLIC by default, this means that any role can execute it. To revoke execution, there are 2 steps required:

• Revoke function execution (foo in this case) from PUBLIC:

1
revoke execute on function foo from public;

• Revoke execution from a particular role (anon in this case):

1
revoke execute on function foo from anon;

Now anon should get an error when trying to execute the function:

1
2
3
4
begin;set local role anon;select foo();ERROR:  permission denied for function foo