When should protections be set?

Run p4 protect immediately after installing Helix Core Server for the first time. Before the first call to p4 protect, every Helix Core Server user is a superuser and thus can access and change anything in the depot. The first time a user runs p4 protect, a protections table is created that gives superuser access to the user from all IP addresses, and lowers all other users' access level to write permission on all files from all IP addresses.

The Helix Core Server protections table is stored in the db.protect file in the server root directory; if p4 protect is first run by an unauthorized user, the depot can be brought back to its unprotected state by removing this file.