默认的情况下，数据库中public（具有库级connect权限的用户自动获取public权限）具有insert,delete,update,select,index权限。若只允许public用户只有select权限，则需要回收权限。

-- （单表）回收all权限，仅授予select权限给public
-- 20230809 修正：可能存在grantor（表的owner）不是gbasedbt的情况
drop procedure if exists revoke_public_table(varchar);
create procedure revoke_public_table(p_tab varchar(128))
  define v_owner varchar(128);
  select owner into v_owner from systables where tabname = lower(p_tab);
  if v_owner is not null AND v_owner <> '' AND p_tab is not null AND p_tab <> '' then
    execute immediate 'revoke all on '||p_tab||' from public as ' || v_owner;
    execute immediate 'grant select on '||p_tab||' to public as ' || v_owner;
  end if;
end procedure;

-- （所有表）循环处理所有表，执行revoke_public_table
drop procedure if exists revoke_public();
create procedure revoke_public()
  define p_tab varchar(128);
  FOREACH select tabname into p_tab from systables where tabid > 99 and tabtype = 'T'
    EXECUTE PROCEDURE revoke_public_table(p_tab);
  END FOREACH;
end procedure;