Hello,
Are you referring to BPC classic? If you are referring to classic and if I am understanding your question correctly, then you have two ways of assigning the necessary authorization objects to a BW user who is also a BPC user, the hard way and the easy way. The easy way is by adding the BW user to a BPC security team which, has a task and data access profile. This will trigger all the necessary BPC roles for that user, and by extension the authorization objects that are assigned to roles. If you want to do it the hard way, then I am not aware of any documented way to get the list of authorization objects without BPC roles.
If you have the BPC roles generated then you can probably use some t-codes like PFCG or SUIM to get the list of authorization objects. Personally, I have used PFCG frequently for when a BPC role already exist but I have not used SUIM.
To the best of my knowledge, you do not need to assign SAP_BPC_SERVICE role to all users. That role is for users that need special authorization to update data on the system level. Usually user accounts that run jobs, e.g. BPC_SERVICE, have that role assigned to them.
In my experience I also had to assign the following roles to my user, /POA/CLM_BPC_USER, /POA/BUI_UM_SER before they could see the content of BPC web client.
Best Regards,
Leila