Hi Welly,
For every Fiori user below authorization objects are required in order to create catalogs, groups etc.
s_service (For interacting with your backend odata service)
s_Rfcacl (For interacting with your RFC user, in order to get data from your backend system using same user id)
/ui2/chip (For tile chip errors)
s_pb_chip (For page buider chips)
Assign above authorization to a custom role and assign.
Regards,
Tejas