A user-defined function is owned by the user who created it, and that user can execute it without permission.
The owner of a user-defined function can grant permissions to other users with the GRANT EXECUTE command.
For example, the creator of the function fullname allows another_user to use fullname with the statement:
GRANT EXECUTE ON fullname TO another_user
The following statement revokes permission to use the function:
REVOKE EXECUTE ON fullname FROM another_user
See System Administration Guide: Volume 1 > Managing User IDs and Permissions > Managing Individual User IDs and Permissions > Granting Permissions on Procedures in Interactive SQL.