Oracle public role

The PUBLIC role is a special role that every database user account automatically has when the account is created. 
By default, it has no privileges granted to it, but it does have numerous grants, mostly to Java objects. 
You cannot drop the PUBLIC role, and a manual grant or revoke of this role has no meaning, because the user account will always assume this role. 
Because all database user accounts assume the PUBLIC role, it does not appear in the DBA_ROLES and SESSION_ROLES data dictionary views.
You can grant privileges to the PUBLIC role, but remember that this makes the privileges available to every user in the Oracle database. 

public是role, 在创建用户时会自动授予此角色，且伴随用户一生，grant与revoke public无意义，通过dba_roles或session_roles查不到此角色 

使用as sysdba登陆schema为sys, 使用as sysoper登陆schema为public
授予PUBLIC的权限会自动被所有用户继承，所以在看用户权限时一定要看下public是否有系统权限！

默认public是没有系统权限的，但有大量的对象权限：
select * from dba_sys_privs where grantee='PUBLIC';           
select count(*)  from dba_tab_privs where grantee='PUBLIC';   ---34553

对public的授权在执行catalog.sql时执行：
cd $ORACLE_HOME/rdbms/admin
$ grep -iE ".*grant.* to public.*" ./* | less

注：Revoking a privilege from the PUBLIC role can cause significant cascading effects. If any privilege related to a DML operation is revoked from PUBLIC (for example, SELECT ANY TABLE or UPDATE ON emp), then all procedures in the database, including functions and packages, must be reauthorized before they can be used again. Therefore, be careful when you grant and revoke DML-related privileges to or from PUBLIC.

注：cdb中public是common role，并它与一般oracle自带的common user/role不同，它是pdbs分别local grant system privileges to public
       在进行grant xx to public container=all 时会影响cdb中所有local及common user, 因此不建议使用
Every privilege and role granted to Oracle-supplied users and roles is granted commonly except for system privileges granted to PUBLIC, which are granted locally. 
This exception exists because you may want to revoke some grants included by default in Oracle Database, such as EXECUTE on the SYS.UTL_FILE package.
Privileges granted commonly to PUBLIC enable all local users to exercise the granted privilege in their respective PDBs and enable all common users to exercise this privilege in the PDBs to which they have access. Oracle recommends that users do not commonly grant privileges and roles to PUBLIC.

测试：
1. 你可以通过授权给public同时授权所有用户
create user hr identified by hr;
grant create session to public;
select PRIVILEGE from dba_sys_privs where GRANTEE='PUBLIC';    --CREATE SESSION
select PRIVILEGE from dba_sys_privs where GRANTEE='HR';         --null，从用户视图是看不到的！！
sqlplus hr/hr    ---可以连接
revoke create session from public;
sqlplus hr/hr    ---无法连接

2. 不能从一般用户收回public的权限：
revoke create session from hr;
ORA-01952: system privileges not granted to 'HR'

3. 授予收回
CREATE USER SCOTT IDENTIFIED BY TIGER;
select * from dba_role_privs where grantee='SCOTT';   --空