Thanks for the responses. > I would go with the GRANT approach. Make my_func() a SECURITY DEFINER function, and revoke access to my_func_extended() for all other roles. This sounds reasonable, and can be one of the options.
> Dunno how complicated the logic in my_func() is, if that makes sense. Actually my_func_extended already exists hence I don't want to touch its C definition, nor wanted to duplicate the logic. >The SPI API is not difficult, and this looks like best option Sorry didn't understand this part, are you suggesting I can have called my_func_extended() through SPI inside my_func(), but didnt that also required my_func_extended() declaration present in SQL ? And If that is present then anyone can call my_func_extended() directly. Regards Ayush AWS
