User-Defined Function Privileges
User-defined functions (described in CREATE FUNCTION Statements) can be created by superusers or users with CREATE privileges on the schema that will contain the function, as well as USAGE privileges on the base library (if applicable).
Users or roles other than the function owner can use a function only if they have been granted EXECUTE privileges on it. They must also have USAGE privileges on the schema that contains the function to be able to call it.
Privilege | Description |
---|---|
EXECUTE |
Permission to call a user-defined function. |
USAGE |
Permission on the schema that contains the function. |
- DROP FUNCTION: Only a superuser or function owner can drop the function.
- ALTER FUNCTION (UDF or UDT) RENAME TO: A superuser or function owner must have USAGE and CREATE privileges on the schema that contains the function to be renamed.
- ALTER FUNCTION (UDF or UDT) SET SCHEMA: A superuser or function owner must have USAGE privilege on the schema that currently contains the function (old schema), as well as CREATE privilege on the schema where the function will be moved (new schema).
For details on granting and revoking user-defined function privileges, see the following topics in the SQL Reference Manual: