Hi Fawzy
the BASIS
team or the function consultants?
I'd say the security team 
Whoever you choose, ensure they are actually trained and knowledgeable of PFCG/SU24/general security. Splitting role maintenance across several teams can create inconsistent role build.
Basis might know how to click and tick boxes (or at least a step ahead of 'just assign sap_all') but they need to understand what the authorisations are for and how to appropriately restrict for functional requirements. Both may know how to build but do they understand how to interpret a misleading authorisation failure check in a trace?
Best practise is to choose someone who is competent
Regards
Colleen