One Multiple-Dimensions DAC or Multiple Single-Dimension DACs
Basically
If the Restriction is equal, then the DAC considers the Criterion entries as an "AND"
If the Restriction is not-equal, then the DAC considers the Criterion entries as "OR"

Use Case:
We have multiple RSIOBJNM-like f.e.: 0PLANT, 0COMP_CODE and we would like to implement RSINFOCUBE-like access as well.

One Multiple Dimensions DAC: 
In DSP it is not mandatory to have all Criterions used in DAC populated. Enough is one Restriction/Criterion row.

Example:
User has maintained access to 0PLANT, but 0COMP_CODE is missing.
DSP: User will see maintained PLANTS and ALL COMP_CODEs
BW: User will get "No authorizations" message

DSP does not check all Restriction columns used in DAC, like BW does. If a User has access to one Dimension, user has access to * for all other Dimensions used in the DAC.

If the source for the authorization view/table is BW (loaded regularly from BW system into a secure DSP space), then we always should have both dimensions correctly populated. But in case not, we bypass security.

Multiple Single-Dimension DACs:
Better approach is to use multiple DACs --> implicit "AND", with the mandatory requirement to have at least one Restriction/Criterion row, all DACs must have the user populated, else nothing will be shown.
Example:
User has maintained access to 0PLANT, but 0COMP_CODE is missing.
DSP: User will get "No authorizations" message
BW: User will get "No authorizations" message

We implicitly ensure, that the user has to be authorizes for all in DAC used Dimension. BW-Like behavior.

How-to simulate Multiple RSIOBJNM (compounded IOs as well):
Create Multiple (Single Dimension) DACs for each RSIOBJNM
Implicit "AND" ensures, that security will always fail in case the user has no values assigned to DAC relevant Dimension.

How-to simulate RSINFOCUBE with RSIOBJNM:
Create Multiple (Single Dimension) DACs for each RSIOBJNM and RSINFOCUBE
For the RSINFOCUBE: create a new dimension in each DAC relevant View, simulating 0INFOPROV. Assign PROVIDER_DAC to the new dimension.
How-to simulate RSINFOAREA:
Visibility cannot be adjusted withing a Space, but if RSINFOCUBE-like access is implemented, the users will not be able to access the data anyway.

Possible use-cases for Multiple-Dimensions DAC :
MasterData based DACs: Based on single Master Data objects, for example: all of it's attributes can be moved into single DAC. Easier maintenance/support. User is not expected to be for each MD-Attribute populated. 

Touples Dimensions based DACs: two different Dimensions (same master data/different view of the data) from the same source field

BTW: Nice new feature in DSP(RSECADMIN Execute-As): Now possible, however only in Views (not in Models / AMs yet).

Initial BW-Sec to DSP-Sec Blog: https://community.sap.com/t5/technology-blog-posts-by-members/bw-like-authorizations-in-datasphere-d...

Main Blog: https://community.sap.com/t5/technology-blog-posts-by-members/bw-vs-datasphere-dsp-amp-sac/ba-p/1428...