Hi AG
Do you have a general auditing background or security background? Your questions is a mixture of basic trainining security
You can answer this question yourself if you take the time to read up on what the authorisation object is used for and also find out what the support structure for your system is (that is, are the people with the access responsible for the administration activities that require that access)
Also, in determining risk it isn't always about the object but the actual values of the authorisation. Display activity for example would be quite different to creation or modification.
Regards
Colleen