On Wednesday, July 24, 2019, Swanand Kshirsagar <swanandon@gmail.com> wrote:
Isn't revoking permissions from a schema should take care of this situation?
The pl/pgsql function body is stored in pg_catalog which the user still has permission to read. There isn’t a good/supported way to work around this behavior.