Hi,
As usual you need to build a role by yourself based on your requirements. In case of Odata services there are two different TADIR services that needs to be added. One corresponds to authorization to execute logic on backend server and the other one to access service on front end server. You can get specific services by tracing one call using ST01. For Fiori apps from SAP you get role templates. You can use them for inspiration.
Cheers