Hi, The default behavior on Postgres is to grant EXECUTE to PUBLIC on any function or procedure that is created.
I feel this this is a security concern, especially for procedures and functions defined with the "SECURITY DEFINER" clause. Normally, we don’t want everyone on the database to be able to run procedures or function without explicitly granting them the privilege to do so. Is there any reason to keep grant EXECUTE to PUBLIC on routines as the default? Best, Jacek Trocinski
