One good way to have an easy first step with the permissions is to use a profile. You usually run it at the installation step, but you can run later (perhaps you need to ignore error). It is a list of sql queries.
A profile sets permissions for different tiki uses. A good one is db/profiles/BasicEnabled.prf