You can only grant/revoke privaleges on packages. The trick is to figure out what the package name for a function is. Try SQL similar to this to figure it out:
select pd.pkgschema,pd.pkgname,p.valid from syscat.packagedep as pd,syscat.packages as p, syscat.functions as f where (pd.bname = f.specificname) and (f.funcschema = 'MYSCHEMA') and (funcname = 'MYFUNC') and (pd.pkgschema = p.pkgschema) and (pd.pkgname = p.pkgname) and (pd.bschema = f.funcschema)
Note: you may get back more than one entry back (I do not know why) so be prepared.