Again, this is set up by default, by Create/Enable Enterprise Geodatabase (Data Management). It doesn't prevent someone from removing the PUBLIC grant, though. If the PUBLIC grant is removed (by misguided security types, for example), it needs to be replaced by a GDBUSER_ROLE, and SELECT grants to that role to each table from which PUBLIC access was revoked, then grants to DGBUSER_ROLE would need to be added for each new user.
- V
BTW: You need to go back and edit your GSE post, to include this information.