SAP certainly want to get complexity away from the user, and even the administrator.
That is a bad omen for the developer as there is a load more of IF THEN ELSE. So auth relevant IF THEN ELSE is even worse and needs to tie it to something which is a context and a reliable proposal and visibility...
--> SU24 and menu objects for on-site backend authorizations based on job roles.
Also nothing new (bar some odd things which PFCG does not support yet or organizations which tick differently an need 10 special task roles because the head of accounting is also a developer in small organizations, etc..)
Cheers,
Julius