使用Firebase Admin SDK访问实时数据库时，默认情况下，它具有完全的读写访问权限. Admin SDK的假设是，您正在特权环境中运行，在该环境中代码完全在您的控制之下，并且您确切地知道自己在做什么.

When you use the Firebase Admin SDK to access Realtime Database, by default it has full read and write access. The assumption with the Admin SDK is that you're running in a privileged environment where the code is fully under your control, and you know exactly what you're doing.

您的代码正在Cloud Functions中运行的事实与任何这些都不相关.它可以轻松地在您的台式机或您控制的其他服务器上运行.这是Admin SDK的属性.

The fact that your code is running in Cloud Functions has no bearing on any of this. It could just as easily be running on your desktop or some other server you control. This is a property of the Admin SDK.

如果要更改对实时数据库的访问范围，则必须知道最终用户的UID，然后使用

If you want to change the scope of access to Realtime Database, you will have to know the end user's UID, then initialize the SDK to limit the scope of its privilege to that UID using databaseAuthVariableOverride at the time of init.