A PostgreSQL function execution fails because the user lacks EXECUTE privilege. Grant the required permissions using GRANT EXECUTE to allow the user to call the function.
This error occurs when a PostgreSQL user attempts to execute a function without having the EXECUTE privilege on it. By default, PostgreSQL grants EXECUTE permission to PUBLIC (all users) when a function is created, but this can be restricted by revoking privileges. System functions like pg_ls_waldir, pg_read_binary_file, and pg_stat_file commonly trigger this error in monitoring and replication scenarios when users lack the necessary permissions.
First, identify which function is causing the error and inspect its current privileges.
-- As a superuser or function owner, check the function ACL
SELECT proname, proacl
FROM pg_proc
WHERE proname = 'your_function_name';The proacl column shows the access control list. If it's NULL, PUBLIC has default EXECUTE permission. If it's set, it shows explicitly granted/revoked privileges.
The most direct fix is to grant EXECUTE permission to the user or role that needs to call the function.
-- Grant to a specific user
GRANT EXECUTE ON FUNCTION function_name(argument_types) TO username;
-- Grant to a role
GRANT EXECUTE ON FUNCTION function_name(argument_types) TO role_name;
-- Grant to all users (public)
GRANT EXECUTE ON FUNCTION function_name(argument_types) TO PUBLIC;Make sure to include the function's argument types. For example: GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO monitoring_user;
Users need USAGE privilege on the schema containing the function to execute it. Grant schema access if the user lacks it.
-- Grant schema usage
GRANT USAGE ON SCHEMA schema_name TO username;
-- Grant on public schema
GRANT USAGE ON SCHEMA public TO username;Without USAGE on the schema, users cannot access any objects in it, including functions.
If a user needs to execute multiple functions in a schema, grant permission on all of them at once.
-- Grant execute on all current functions in a schema
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA schema_name TO username;
-- Set default privileges for future functions
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name
GRANT EXECUTE ON FUNCTIONS TO username;This is common for monitoring, backup, or automation accounts that interact with multiple functions.
Switch to the user account and attempt to execute the function to confirm the permission has been granted.
-- Connect as the user
SET ROLE username;
-- Try executing the function
SELECT * FROM function_name();
-- Reset to original role if in the same session
RESET ROLE;If the function executes successfully, the permission grant worked. If it still fails, check that all steps above were completed.
On managed services like Azure PostgreSQL Flexible Server or AWS RDS, certain system functions may have restrictions that GRANT cannot override.
-- Try granting, but be aware some functions may still fail on managed databases
GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO monitoring_role;If the grant succeeds but the function still fails, contact your database provider. Some extensions like pg_cron or timescaledb may require extension recreation or provider-side fixes. For pg_cron issues on Azure, try dropping and recreating the extension.
By default, PostgreSQL creates functions with EXECUTE privilege granted to PUBLIC, but this can be overridden with REVOKE ALL ON FUNCTION. Best practice is to revoke PUBLIC access and grant privileges only to specific roles in the same transaction that creates the function, eliminating the security window. For extension functions and system functions, behavior varies by PostgreSQL version and function typeβsome are created with restrictive permissions by design. Cloud databases may further restrict access to functions that interact with the file system or replication, and these restrictions are often not overridable via SQL. When designing access control, use roles hierarchically: create a monitoring_role or automation_role and grant them necessary function privileges, then assign users to those roles for centralized management.
ERROR: syntax error at end of input
Syntax error at end of input in PostgreSQL
Bind message supplies N parameters but prepared statement requires M
Bind message supplies N parameters but prepared statement requires M in PostgreSQL
Multidimensional arrays must have sub-arrays with matching dimensions
Multidimensional arrays must have sub-arrays with matching dimensions
ERROR: value too long for type character varying
Value too long for type character varying
insufficient columns in unique constraint for partition key
How to fix "insufficient columns in unique constraint for partition key" in PostgreSQL