BPC security management is integrated with NW security management, so assigning BPC user to BPC environment actually equals assigning NW user to NW Role/Profile.
If the CUA (Central User Administration) is enabled in system landscape, the underlying NW API will throw an exception when trying to assign user to NW Role/Profile. This is out of BPC control, BPC 10 does not support CUA and therefore, BPC 10 user security cannot be configured through CUA.
However, this feature will be considered in future releases.
This is the SAP Note for that:
1675327 - BPC10NW: Configure BPC Users via Web Admin console without excluding the BW system from CUA.
If you wished to Assign SAP Business Planning and Consolidation Authorizations via the SAP Governance, Risk, and Compliance (GRC) Access Control Compliance User Provisioning Product then take a look at the below document:
Hope this helps
In BPC 10.0 NW version the integration between BPC and BW is closer and better when compared to earlier versions of BPC 7X. The BPC 10.0 Users are NW Users, Windows Active Directory Users and CMS Users are no longer supported, The Users and Profiles are created in BW using the t.codes SU01 and PFCG. There are two roles which needs to be assigned to a BPC User in BW they are:
/POA/BUI_FLEX_CLIENT and /POA/BUI_UM_USER
As BW is a OLAP system and ECC is a OLTP system the role creation and User Administration remains the same, but the Authorization would be different in both ECC and BW Systems. I think you can have one Security for BPC and BW.