R/3 security implementation using ASAP

Hi,

We have to implement the R/3 Security and Authorization part for a new project.

We have decided to use ASAP methodology.

Kindly help me decide what steps for Authorization n Role build would fall under the following ASAP steps:

1 Project Preparation

2 Business Blueprint

3 Realization

4 Final Preparation

5 Going Live

Also, can for some other methodology?

Thanks in advance.