The PUBLIC system role has SELECT privilege on a set of system tables and EXECUTE privilege on system procedures.
By default, the PUBLIC system role is a member of the dbo and SYS system roles, with no administrative rights. As a member of the SYS role, it has read access for some system tables and views, so any user of the database can see information about the database schema. To restrict this access, revoke PUBLIC's membership in the SYS system role.
Any new user ID is automatically a member of the PUBLIC system role and inherits any privileges that are specifically granted to that role. Although you can remove a user from the PUBLIC system role, SAP recommends that you do not, as doing so might impact a user's ability to run system stored procedures.
You can grant the PUBLIC system role to other roles only with no administrative rights (WITH NO ADMIN OPTION clause). The WITH ADMIN OPTION and WITH ADMIN ONLY OPTION clauses are invalid for the PUBLIC system role.
You can grant system privileges and roles to, and revoke them from, the PUBLIC system role, including the default roles.
GRANT ROLE PUBLIC TO grantee [,...]