You can grant or deny the permissions to use user-defined functions depending on the type of function:
For scalar user-defined functions, you can grant or deny permissions on EXECUTE and REFERENCES.
For inline user-defined functions, you can grant or deny permissions on SELECT, UPDATE, INSERT, DELETE, or REFERENCES.
For multistatement table-values user-defined functions, you can grant or deny permissions to SELECT and REFERENCES.
As in stored procedures and views, if every object referenced in a user-defined function belongs to the same owner as the user-defined function, and a user tries to use the function, permissions will be checked only on the function, not on every object referenced in the function.
13.58.113.193