Nice post on SSAS security. That is a part of SSAS (and most products for that matter) that is not reviewed enough in my opinion.
I have used many of the same methods that you are using to define roles except I am doing it in a production environment and using actual AD account names versus local Windows user names. Downside there is that I cannot create roles based on groups unless I create a Windows group and put the AD accounts in there or there is an AD group with the users in it already that I can then use in my role. Where there is a will there is a way!
Have you tried using perspectives in SSAS as well? Also, did you attend any sessions on SSAS partitions and aggregations?
I haven't had the chance to experiment with perspectives yet, but am definitely keen. Same for partitions and aggregations - I was in some sessions where they covered them (both of the full day pre-conference seminars - Brian and Devin Knight, and Pete Myers), but haven't jumped in just yet. Right now I'm in the process of migrating my prototype onto a dev box on our network, so I can schedule some show-and-tells!