Hello,
I'm just curious and could not read this in your example: have you tried to explicitly list objects with read access in the profile? like: ZOM_TEST_01 11 01 C 80000003
Am I getting this right?
The problem with your approach: If this is going to be implemented for your whole organization using structural authorizations (which is usually quite large) you will be getting a long list of change request if new Cs are going to be created or old ones are going to be moved within the organization (and therefor to different responsibilities). I would recommend to check new customized relationships with own evaluation paths (OOAW) e.g. from one Org-Units instead of ABAPs. Then this can be maintained dynamically by the business instead of IT including the whole development/test stuff on DEV-/QA-/PROD systems.
Regards
Peter