ASA Database Administration Guide
Managing User IDs and Permissions
Managing groups
When you create a database, the SYS and PUBLIC groups are also automatically created. Neither of these groups has passwords, so it is not possible to connect to the database as either SYS or as PUBLIC. However, the two groups serve important functions in the database.
The SYS group owns the system tables and views for the database, which contain the full description of database structure, including all database objects and all user IDs.
For more information about the system tables and views, together with a description of access to the tables, see the chapters System Tables, and also System Views.
The PUBLIC group has CONNECT permissions to the database and SELECT permission on the system tables. As well, the PUBLIC group is a member of the SYS group, and has read access for some of the system tables and views, so any user of the database can find out information about the database schema. If you wish to restrict this access, you can REVOKE PUBLIC's membership in the SYS group.
Any new user ID is automatically a member of the PUBLIC group and inherits any permissions specifically granted to that group by the DBA. You can also REVOKE membership in PUBLIC for users if you wish.