BPS_WIF0 authorization concept

Authorization object R_PM_NAME can be used to control the access to different planning folders within UPSPL. What is a similar object for Web folders of the kind that can be executed from BPS_WIF0 or directly from the appropriate BSP. How is this same type of authorization concept applied, or does it need to be integrated directly into portal roles?