Sandeep,
???? When you test this change, you will find out the deficiencies. Youare going to test, right?
Your larger concern should not be 'what you have missed', it normally should be 'what have you included that is not required' to this new userid, who will essentially be anonymous. If you only want to ensure that you don't miss anything, then assign SAP_ALL composite profile. 
Anyhow, the info (recommended roles for ATP user) that you requested is also contained in the security guide I mentioned earlier.
As always, your company may have an authorization strategy that differs from SAP's strategy. You may have to tweak SAP's recommended standards in order to meet all your internal business requirements.
Best Regards,
DB49