User Management Steps After Installation 

Newly installed repositories do not execute authorization checks as long as no authorizations have been defined. Access controls are executed only after the first permission has been defined. Before that, every user has all rights.

In addition, you must protect the directory, in which the ACLs are stored in the repository. SAP urgently recommends to maintain the authorizations immediately after the installation.

The steps following the installation should be:

·         Granting the basic rights to all users (read, change, check in)

·         Granting the administrators’ rights

·         Protecting the ACLs and other system directories against access by "normal" users