Does anyone know why new functions in the public schema have a permission for "PUBLIC" in addition to the "anon", "authenticated", "service_role" and "postgres" roles? I understand why those roles have execute permissions (they are granted permission by default as specified here: https://github.com/supabase/supabase/blob/76e1254a91cd5c6b1eb80d3faf19cfd6a3735a95/docker/volumes/db/init/00-initial-schema.sql), however, I do NOT understand why PUBLIC also gets these permissions (as far as I know, PUBLIC is a reserved keyword meaning 'all roles')

My understanding is that when you create a function in Postgres it automatically includes Public execute permission unless you revoke it. For what it's worth.

Thanks, @User , indeed the Postgresql docs confirm your understanding: "Another point to keep in mind is that by default, execute privilege is granted to PUBLIC for newly created functions (see Section 5.7 for more information." (https://www.postgresql.org/docs/14/sql-createfunction.html)