Meta - you are right and we are experiencing this, especially in cases where Developer used fields from different functional areas in a report, such as Material Number, Sales Org, Plant, etc. When searching USOBT (or TOBJ, thanks, Joseph!) it's not easily possible to search a logical OR because of the way data is stored in the field column.
But we do want the developers to try. I don't like when they give up and say "I don't know anything about security", I think it should be in their job requirements to understand the concept of TCode vs auth object and understand basically which functional area they are coding.
But again, you're right. Our security team gets involved often, and I think it's fine and unavoidable. For example, if we see "Movement Type" as a selection field in a report, then we are going to advise the Developer to choose an M_MSEG auth and give some suggestions. Working with developer, we can find auth objects that are relevant for the data in the report.
I opened this question because I was hoping there was a way to scan source code (not RSABAPSC) and suggest an auth object, or scan data fields and find or suggest an auth object. I guess that does not exist as I hoped.