Did I find a bug?
Imagine trying to select from a database VIEW that your role is not granted permission to. You expect, and receive, a simple error message that you don't have permission to the VIEW. Now, add a call to a STABLE or IMMUTABLE function in the VIEW. In my case, I added a WHERE that called a function to return the current user id from an environment variable.
If I do the same select, I now get an error message generated in the STABLE function!
Just to be clear: an EXCEPTION is being raised inside a function that's part of a WHERE clause in a VIEW that my role doesn't have permission to select. Why is it calling the function?
I think because the function is considered STABLE, Postgres is pre-calculating where possible. If I don't declare it as STABLE, I get the generic "don't have permission" error. My feeling is that should be deferred that until someone at least executes the statement. I think it's really odd that the function gets executed even though I'm not allowed to execute the VIEW that calls it.