In Postgres, is an unprivileged role able to execute a function with elevated privileges?

2 votes
1 answer
1922 views
For context, I am using:

- PostgREST: a thin REST client on top of Postgres (which does all the heavy lifting)
- Azure AD: which handles identity and access of the organization

Since users, roles, groups, etc. (and even password reset, etc.) are handled in Azure AD, all I want to do with my API is allow the user that provided a validated JWT in.

When a user first faces the API, their role doesn't exist. And when they first face the API, they effectively have the most basic permissions (that of anonymous user).

I want an anonymous user to be able to POST to an /rpc/* endpoint with a valid id token from Azure AD. This would do some very privileged stuff like creating and granting roles (but controlled by the function).

I.e., an anonymous user would not be able to create a role, but an anonymous user would be able to execute the function (with a valid security JWT as input), and indirectly create roles through the function.
Asked by dnk8n (153 rep)
Mar 28, 2023, 05:22 PM
Last activity: Mar 11, 2025, 10:02 PM
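
The arrangement the question describes corresponds to a Postgres `SECURITY DEFINER` function; the sketch below is an added example, not part of the original post. The roles `anon`, `authenticator` and `role_admin`, the schema `api`, the helper `api.verify_id_token` and the choice to name roles after the token's `oid` claim are all assumptions, and the script is assumed to be run by a superuser.

```sql
-- Added example: role, schema and function names are assumptions. Run as a superuser.
CREATE ROLE anon NOLOGIN;                       -- unprivileged API role
CREATE ROLE authenticator NOINHERIT LOGIN;      -- role PostgREST connects as
CREATE ROLE role_admin NOLOGIN CREATEROLE;      -- owns the privileged function

CREATE SCHEMA api;
GRANT USAGE ON SCHEMA api TO anon, role_admin;

-- Hypothetical verifier: must check signature, issuer, audience and expiry
-- of the Azure AD token and return its claims. This placeholder fails closed.
CREATE FUNCTION api.verify_id_token(id_token text) RETURNS jsonb
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'token verification is not configured';
END $$;
REVOKE ALL ON FUNCTION api.verify_id_token(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION api.verify_id_token(text) TO role_admin;

CREATE FUNCTION api.provision_role(id_token text) RETURNS text
LANGUAGE plpgsql
SECURITY DEFINER                                -- body runs as the function owner
SET search_path = pg_catalog, pg_temp           -- no caller-controlled name lookup
AS $$
DECLARE
  claims   jsonb := api.verify_id_token(id_token);
  oid_text text  := claims->>'oid';
  new_role text;
BEGIN
  -- Accept only a GUID-shaped object id; a NULL claim also lands here.
  IF (oid_text ~ '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$') IS NOT TRUE THEN
    RAISE EXCEPTION 'token has no usable oid claim';
  END IF;
  new_role := 'aad_' || oid_text;
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = new_role) THEN
    EXECUTE format('CREATE ROLE %I NOLOGIN', new_role);       -- %I quotes the identifier
    EXECUTE format('GRANT %I TO authenticator', new_role);
  END IF;
  RETURN new_role;
END $$;

ALTER FUNCTION api.provision_role(text) OWNER TO role_admin;
REVOKE ALL ON FUNCTION api.provision_role(text) FROM PUBLIC;  -- EXECUTE is PUBLIC by default
GRANT EXECUTE ON FUNCTION api.provision_role(text) TO anon;
```

With this in place `anon` still cannot run `CREATE ROLE` directly; the only privileged statements it can reach are the two built inside the function body from a validated claim.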