diff --git a/apps/bi/services.py b/apps/bi/services.py
index 4c44ccfa..29cc91e4 100644
--- a/apps/bi/services.py
+++ b/apps/bi/services.py
@@ -5,7 +5,7 @@ from apps.bi.models import Dataset
 import concurrent
 from apps.utils.sql import execute_raw_sql, format_sqldata
-forbidden_keywords = ["UPDATE", "DELETE", "DROP", "TRUNCATE"]
+forbidden_keywords = ["UPDATE", "DELETE", "DROP", "TRUNCATE", "INSERT", "CREATE", "ALTER", "GRANT", "REVOKE", "EXEC", "EXECUTE"]
 def check_sql_safe(sql: str):
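Review bot: The extended `forbidden_keywords` list on the added line is still a denylist, and a denylist cannot enumerate every state-changing statement a database dialect accepts, so it should not be the only control in front of the raw SQL path that `execute_raw_sql` suggests. The enforcing control belongs in the database: run dataset queries under a role that holds only SELECT privileges (or inside a read-only transaction) and keep `check_sql_safe` as an early, readable rejection. The body of `check_sql_safe` lies outside this hunk; if it matches by substring, `CREATE` would presumably reject harmless queries that reference a column such as `created_at`, and `EXEC` already covers `EXECUTE`, so matching on whole tokens is worth confirming. I would also add a comment above the list, `# Defense in depth only: the DB role used for BI queries must be read-only.`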