When a database is created, two groups are also automatically created. These are SYS and PUBLIC. Neither of these groups has passwords, so it is not possible to connect to the database as either SYS or as PUBLIC. The two groups serve important functions in the database.
The SYS group is owner of the system tables and views for the database, which contain the full description of database structure, including all database objects and all user IDs.
For a description of the system tables and views, together with a description of access to the tables, see Chapter 9, “System Tables” and Chapter 8, “System Views” in Reference: Building Blocks, Tables, and Procedures.
When a database is created, the PUBLIC group is automatically created, with CONNECT permissions to the database and SELECT permission on the system tables.
The PUBLIC group is a member of the SYS group, and has read access for some of the system tables and views, so that any user of the database can find out information about the database schema. If you wish to restrict this access, you can REVOKE PUBLIC's membership in the SYS group.
Any new user ID is automatically a member of the PUBLIC group and inherits any permissions specifically granted to that group by the DBA. You can also REVOKE membership in PUBLIC for users if you wish.