Hello Katya, much of what you are asking falls into the category of setting up the application for the first time. You would want to put these rules in place and not alter them once your community is going since changes here would mean changes to the database for any existing records. Here's some answers:

1) There are some global permissions... these are located in the build.properties file and can be modified to alter the application's behavior. Specifically:

1. Capabilities

REGISTER=true (determines if site is by invitation only, or allows anyone to register)
LICENSE=true (determines if the terms and conditions must be agreed to during registration)
INVITE=true (determines if users, by default, can invite non-users to the system)
SENSITIVE_INFORMATION=false (determines if the portlets should respond differently to logged in/out users)
ANONYMOUS=false (determines if user name uses the last name initial or full last name)
USE_LOCATIONS=true (determines if the location field is shown for searches)

2) When users add a profile for any of the categories you mentioned, the rules are configured in the application's dashboards_en_US.xml file. You will have to manage this file between upgrades until the rules are more centrally controlled.

So, to protect Groups, People, Events, etc, find the definition of the "AddProjectByCategoryPortlet" for each category and make a change like:

<allowGuests>false</allowGuests>
<allowParticipants>true</allowParticipants>

This tells the portlet to create the profile record so that guests (non logged-in users) can't see the data, but participants (logged-in users) can.

You will see in the dashboard file that there is a lot that can be customized, so becoming familiar with this file is essential for setting up new communities.

Matt, thanks very much - that was really good info.

It adds to an admin's to-do list, but it's well worth the time.