you are right. users cannot create dimension values from following paths; Instead they can just view from these paths
General Journal >> Setup >> Organization >> Business Unit
General Journal >> Setup >> Organization >> Cost Center
General Journal >> Setup >> Organization >> Department
Moreover, about finding security Roles, you have to use this add-in inside AX AOT. SQL server don't knows anything about AX security.