Why implement the SAU in the PE if you have an IDAU and multiple masters with the same IDAU as the PE?
If the PE has an SAU, the PE will have a different security view of the system then the other masters.
Is this not an issue?
The IDAU can also be used to operate as a "default" security configuration before the SAU is fully configured.