Hello,
Yes,the authorization object GRAC_ROLED is to restrict the role with respect of connector group only,
I dont think we have any other authorization objects with field GRAC_LDSCP (Connector Group) to restrict create/updatem of risk and functions in GRC
As a work aroung you can create custom authorization objects by copying GRAC_RISK,GRAC_FUNC and include the field GRAC_LDSCP (Connector Group)
Regards
Baithi