On Wednesday, July 24, 2019, Swanand Kshirsagar <swanandon(at)gmail(dot)com> wrote:
>
> Isn't revoking permissions from a schema should take care of this
> situation?
>
The pl/pgsql function body is stored in pg_catalog which the user still has
permission to read. There isn’t a good/supported way to work around this
behavior.
David J.