Default Permissions 
The portal comes with a minimal set of permissions assigned to its initial content. These default permissions are designed to provide maximum security for a freshly installed portal.
The default permissions settings are sufficient to enable users assigned to the super administrator role to work and gain access to all initial content. They also enable the remaining standard administration roles (content, system, and user) to access tools specific to these roles, but not to initial content objects. For example, a content administrator has access to the Portal Content Studio, but is not able to gain access to any content objects, such as iViews, pages, and roles—the Portal Catalog in the Portal Content Studio is empty.
This topic describes the default permissions assigned to the initial content of the portal.
The initial permissions described in this topic are only valid for a fresh and full installation of the portal. When upgrading a portal, the initial permissions script in the portal is not executed. This prevents the permissions in an existing portal from being overwritten.
If you are upgrading your portal, you will however need to assign permission to the standard portal components and services shipped with the portal. These components and services reside in the Security Zones folder. It is recommended to use as a basis the initial permissions set for security zones in a fresh installation (as described in the Permissions in Security Zones section below).
For guidelines on reconfiguring the strict initial permissions to allow the pre-configured portal roles to access initial content objects relevant to their role, read Configuring Permissions for Initial Content in SAP Enterprise Portal 6.0 (SP9 & Higher) available at service.sap.com/nw-howtoguides ® Portal, KM and Collaboration ® Portal.
1. Permissions for Super Administration Role
The standard super administer role (see Pre-configured Roles) is assigned maximum access to the entire set of portal initial content.
The user store and
data source of the User Management Engine used in your organization determines
which standard administrator users are members of the standard Administrators user group after the portal is installed. The
Super Administrator role is assigned by default to
the Administrators group. Therefore, initially all
standard administrator users have super administrator permissions in the
portal. For additional information, see 
Standard Users and
Standard User
Groups.
The following table specifies which default permissions settings of the super administrator role are assigned to the default root folders in the Portal Catalog:
Portal Catalog Folder (ID) |
Permission Setting |
Business
Objects |
●Administrator: owner ●End User1: enabled |
Portal Content |
●Administrator: owner ●End User1: enabled ●Role Assigner1: enabled |
Security Zones |
●Administrator: owner ●End User1: enabled |
NetWeaver Content
Producers2 |
●Administrator: owner ●End User1: enabled |
WSRP Content Producers2 (pcd:wsrp_content_producers) |
●Administrator: owner ●End User1: enabled |
Resource
Bundles |
●Administrator: owner ●End User1: enabled |
Applications |
●Administrator: read3 ●End User1: enabled |
1 Role assigner and end user permission settings are only relevant to specific Portal Catalog folders and object types. For more information, see Permission Levels.
2 Folders supporting a federated portal network. For more information, see Adding Producers and Assigning Administrator Permissions to Producer Objects.
3 Read permission is necessary for the super administrator to view all portal components in the object creation wizards. See Object Creation Wizards.
To prevent a complete lockout situation in the portal, the default permissions of the super administrator role cannot be deleted or modified. For information on assigning other super administrator-like roles with owner permissions to all portal objects, see UME Actions in the Portal.
2. Permissions in Security Zones
In addition to the super administrator permissions described above, the following permissions also exist for the standard safety levels in the Security Zone folder (for more information, see Security Zones):
Safety Level |
Portal Catalog Folder |
Permission Setting |
No safety |
· Security Zones ® sap.com ® NetWeaver.Portal ® no_safety · Security Zones ® sap.com ® NetWeaver.UserManagement ® no_safety |
Everyone group: ● Administrator: none ● End user: enabled For more
information about this group, see |
Low safety |
· Security Zones ® sap.com ® NetWeaver.Portal ® low_safety · Security Zones ® sap.com ® NetWeaver.UserManagement ® low_safety |
Authenticated Users group: ● Administrator: none ● End user: enabled For more
information about this group, see |
Medium and high safety |
· Security Zones ® sap.com ® NetWeaver.Portal ® medium_safety · Security Zones ® sap.com ® NetWeaver.Portal ® high_safety |
Content Admin and System Admin roles: ● Administrator: none ● End user: enabled For more information about these roles, see Pre-configured Roles. |
· Security Zones ® sap.com ® NetWeaver.UserManagement ® medium_safety · Security Zones ® sap.com ® NetWeaver.UserManagement ® high_safety |
User Admin and Delegated User Admin roles: ● Administrator: none ● End user: enabled For more information about these roles, see Pre-configured Roles. |
Problems related to accessing the portal and its content are often attributed to insufficient permissions in security zones. When troubleshooting access-related issues in the portal, it is recommended to also check the security zone permissions.
3. Permissions in 'Portal Content' Sub-Folders
In addition to the super administrator permissions described above, the following permissions are also assigned to certain sub-folders in the Portal Catalog:
Portal Catalog Folder (ID) |
Permission Setting |
Portal Content ® Content Provided by SAP ® Admin Content ® Content Administrators (pcd:portal_content/com.sap.pct/ |
Content Admin role: ● Administrator: none ● End user: enabled |
Portal Content ® Content Provided by SAP ® Admin Content ® System Administrators (pcd:portal_content/com.sap.pct/ |
System Admin role: ● Administrator: none ● End user: enabled |
Portal Content ® Content Provided by SAP ® Admin Interfaces ® Admin iView Templates (pcd:portal_content/com.sap.pct/ |
Content Admin and System Admin roles: ● Administrator: none ● End user: enabled |
Portal Content ® Portal Users (pcd:portal_content/every_user) |
Everyone group: ● Administrator: read ● End user: enabled |