Adds description of `lua_call option specifics

doc/code_snippets/snippets/config/instances.enabled/lua_call/config.yaml

@@ -0,0 +1,23 @@
+# grant privilege
+credentials:
+  users:
+    alice:
+      privileges:
+        - permissions: [execute]
+          lua_call: [my_func, my_func2]
+
+# take away a privilege:
+credentials:
+  users:
+    alice:
+      privileges:
+        - permissions: [execute]
+          lua_call: [my_func]
+
+# take away a privilege:
+credentials:
+  users:
+    alice:
+      privileges: []
+#        - permissions: [execute]
+#          lua_call: [my_func, my_func2]

doc/reference/configuration/configuration_reference.rst

@@ -1447,11 +1447,24 @@ credentials.users.*
 .. confval:: <user_or_role_name>.privileges.lua_call
 
     A list of global user-defined Lua functions that this user or a user with this role can call.
-    To allow calling all such functions, specify the ``all`` value.
+    To allow calling a specific function, specify its name as the value.
+    To allow calling all global Lua functions except built-in ones functions, specify the ``all`` value.
 
     This option should be configured together with the ``execute``
     :ref:`permission <configuration_reference_credentials_privileges_permissions>`.
 
+    To take a previously granted privilege away, specify the ``lua_call`` option without the function name, 
+    or with an empty privileges array (furhter options may retain commented-out).
+
+    Since version :doc:`3.3.0 </release/3.3.0>`, the ``lua_call`` option allows granting users privileges to call specified lua function on 
+    the instance in runtime.
+
+    Example to grant and take away custom functions from the 'alice' user:
+
+    ..  literalinclude:: /code_snippets/snippets/config/instances.enabled/lua_call/config.yaml
+        :language: yaml
+        :dedent:
+
 ..  _configuration_reference_credentials_privileges_sql:
 
 .. confval:: <user_or_role_name>.privileges.sql