BPC User,
I've created data access profiles for read and write for each member on the entity dimension so I can easily add users to teams, going forward.
Where appropriate, create any aggregations that make sense. For example, if you have groups of people who will need access to a number of entities, then create DAP's for that grouping as well.
Here's where the groupings come into play. BW has a system limitation of 312 profiles per user. This cannot be adjusted. As users get assigned to different teams, task profiles ,and DAP's, profiles are created on the that user's profile on the back end. So, if a user should have access to 10 different entities, assigning them individually could consume 20+ profiles. When you consider multiple models and multiple environments in the same BW instance, this could quickly become an issue for some of your power users.
Go as granular as the business needs, but create as many of the roll-ups as the business will use. It's add'l effort on the front end, but it may make everyday security changes much easier.
Jeff