Hello,
If you wish to implement external security we suggest that you review Chapter 6 of the SYSVIEW Security Guide:
Controlling Access using SAF.
It contains the details of a suggested implementation plan.
The most important item to remember when implementing external security is that if the internal security fails the access, external security cannot override the failed access by permitting access to a resource.
Also, if the details in the document aren't sufficient or you require additional details for your implementation then please open a Service Cloud case with SYSVIEW support so that we can enhance or improve our documentation and provide you with assistance.
Thank you.