First you need to check the values you are using when creating objects; else you can clean this up and still have problems.
Is there a reason that a user needs authority ot everything in a library?
You need to determine what you want for you master security plan before you just start making changes.
Making changes for one user can have other impact. What about any remote user access?