Thanks Justin,
my post was simply a discussion around "How best to allow a role/analytical priv to see all data?" and yes you are correct that would be row security.
I see 2 choices, one to set explicitly the regions a global manager can see and second not to restrict to any rows and see all data returned. (my first post lists pros/cons).
As I am no allowed to change the original topic of discussion, please post your insight around using stored procedures and AP in the following doc/post (where I am still trying to identify against which model the current stored procedure is executing):
http://scn.sap.com/docs/DOC-48801
Regarding: "In either case, you always have to maintain the authorizations,", this is where I noticed that an "empty" analytical privilege does not apply restrictions and will show all data. Which means I don't have to maintain authorizations when there are new regions added into the database - they will show up automatically.
I hope this makes a little more sense.
Thank you for your insight
Denis