Well I found the answer by myself. I write it here for future users:
you have to follow the instructions on page 8 of the Rights documentation (v. 1.2.0). I was confused by the title “Additional features” while they’re actually “required settings”.
Shortly:
[list=1]
[*]Open "/protected/components/Controller.php" and modify the "R" as follows:
class Controller extends RController
[*]Open every controller of your application and edit as follows:
public function filters()
{
return array(
'rights', // perform access control for CRUD operations
);
}