The minimal production database setup contains at least two types of users, namely administrators and end users, where administrators can do everything (they are superusers), and end users can only do very little, usually just modify the data in only a few tables and read from a few more.
It is not a good idea to let ordinary users create or change database object definitions, meaning that they should not have the CREATE privilege on any schema, including PUBLIC.
There can be more roles for different types of end users, such as analysts, who can only select from a single table or view, or some maintenance script "users" who see no data at all and just have the ability to execute a few functions.
Alternatively, there can also be a manager role, which can grant and revoke roles for other users but is not supposed to do anything else.