Default Permissions 
The portal comes with a minimal set of permissions assigned to its initial content. These default permissions are designed to provide maximum security for a freshly installed portal.
The default permissions settings are sufficient to enable users assigned to the super administrator role to work and gain access to all initial content. They also enable the remaining standard administration roles (content, system, and user) to access tools specific to these roles, but not to initial content objects. For example, a content administrator has access to the Portal Content Studio, but is not able to gain access to any content objects, such as iViews, pages, and roles—the Portal Catalog in the Portal Content Studio is empty.
This topic describes the default permissions assigned to the initial content of the portal.
Caution
The initial permissions described in this topic are only valid for a fresh and full installation of the portal. When upgrading a portal, the initial permissions script in the portal is not executed. This prevents the permissions in an existing portal from being overwritten.
If you are upgrading your portal, you will however need to assign permission to the standard portal components and services shipped with the portal. These components and services reside in the Security Zones folder. It is recommended to use as a basis the initial permissions set for security zones in a fresh installation (as described in the Permissions in Security Zones section below).
Recommendation
For guidelines on reconfiguring the strict initial permissions to allow the pre-configured portal roles to access initial content objects relevant to their role, read How to Configure Initial Permission for Initial Content in SAP NetWeaver available at 
sdn.sap.com/irj/sdn/howtoguides 
SAP NetWeaver 7.0 SAP NetWeaver How-to Guides User Productivity Enablement Running an Enterprise Portal 
.
1. Permissions for Super Administration Role
The standard super administer role (see Pre-configured Roles) is assigned maximum access to the entire set of portal initial content.
The user store and data source of the User Management Engine used in your organization determines which standard administrator users are members of the standard Administrators user group after the portal is installed. The Super Administrator role is assigned by default to the Administrators group. Therefore, initially all standard administrator users have super administrator permissions in the portal. For additional information, see Standard Users and Standard User Groups.
The following table specifies which default permissions settings of the super administrator role are assigned to the default root folders in the Portal Catalog:
Portal Catalog Folder (ID) |
Permission Setting |
|---|---|
Business Objects (pcd:Business_Objects) |
|
Portal Content (pcd:portal_content) |
|
Security Zones (pcd:com.sap.portal.system/security) |
|
NetWeaver Content Producers** (pcd:NetWeaver_content_producers) |
|
WSRP Content Producers** (pcd:wsrp_content_producers) |
|
Resource Bundles (pcd:com.sap.portal.system/resource_bundles) |
|
Applications (parap:/Applications) |
|
* Role assigner and end user permission settings are only relevant to specific Portal Catalog folders and object types. For more information, see Permission Levels.
** Folders supporting a federated portal network. For more information, see Adding Producers and Assigning Administrator Permissions to Producer Objects.
*** Read permission is necessary for the super administrator to view all portal components in the object creation wizards. See Object Creation Wizards.
To prevent a complete lockout situation in the portal, the default permissions of the super administrator role cannot be deleted or modified. For information on assigning other super administrator-like roles with owner permissions to all portal objects, see UME Actions in the Portal.
2. Permissions in Security Zones
In addition to the super administrator permissions described above, the following permissions also exist for the standard safety levels in the Security Zone folder (for more information, see Security Zones):
Safety Level |
Portal Catalog Folder |
Permission Setting |
|---|---|---|
No safety |
|
Everyone group:
For more information about this group, see Default Groups. |
Low safety |
|
Authenticated Users group:
For more information about this group, see Default Groups. |
Medium and high safety |
|
Content Admin and System Admin roles:
For more information about these roles, see Pre-configured Roles. |
|
User Admin and Delegated User Admin roles:
For more information about these roles, see Pre-configured Roles. |
Recommendation
Problems related to accessing the portal and its content are often attributed to insufficient permissions in security zones. When troubleshooting access-related issues in the portal, it is recommended to also check the security zone permissions.
3. Permissions in ‘Portal Content’ Sub-Folders
In addition to the super administrator permissions described above, the following permissions are also assigned to certain sub-folders in the Portal Catalog:
Portal Catalog Folder (ID) |
Permission Setting |
|---|---|
(pcd:portal_content/com.sap.pct/administrator/content_admin) |
Content Admin role:
|
(pcd:portal_content/com.sap.pct/administrator/system_admin) |
System Admin role:
|
(pcd:portal_content/com.sap.pct/admin.templates/iviews) |
Content Admin and System Admin roles:
|
(pcd:portal_content/every_user) |
Everyone group:
|