The database user should have restricted permissions that allow the user to only select data from event sources and to execute only user-defined functions that are used by conditions.