One of the use case of Kusto functions is to abtract underlying table schema/data changes etc. But with the permissions at database level, there is no way to hide/restrict direct usage of tables. Users are able to view all entities (tables, functions etc) within database and able to explore and access. When we change table schema, it may break if they are directly accessing table. It would be good to have security role which restricts at entity level (e.g provide access to function but not tables). 

Also in the ADX ideas