When and where to check for function permissions

In my current implementation for function privileges, I have the function
permission check somewhere down in the executor.  (To be precise, the
permission is determined when the fcache is initialized, and it's checked
in ExecMakeFunctionResult.)  Now I remembered the way SQL99 specifies
function resolution, which has the permission check before the function
resolution begins.  See also

http://archives.postgresql.org/pgsql-hackers/2002-01/msg01120.php

for the full details.

This makes some sense, because normally you'd want the parser to choose
only between the functions you have access to.

I do have two concerns, however:

1. It would lead to confusing error messages, i.e., always "not found"
instead of "permission denied".

2. It would make a great deal of more sense if the table name resolution
that will be necessary in the new schema implementation were done the same
way.  But I have a feeling that this could get messy when rewrite rules
are involved.  (More generally, the whole schema resolution could get
messy when rewrite rules are involved.)

Any comments?

-- 
Peter Eisentraut   peter_e@gmx.net