In addition to S_TABU_DIS (also: check out S_TABU_NAM because most of the MM-tables are in the same range - so that might be an alternative) you can restrict access to the SPRO-tree to the MM-functionalities by not granting authorization for transaction SPRO, but just for the specific menues like OLME, OLMSRV etc.
Or, you can go a little out of your way and use Customizing Projects in transaction SPRO. Create a project, assemble the MM-tree you want in the project and assign the people working on that project. This has the additional benefit of collecting all the transports to that project - which you can see from the project view (extremely helpful! you never forget a transport when going live! this helped me a lot in the past). Here's the documentation, in case you're interested in this tool. Needless to say, your authorization problem can be solved this way: by granting access only to that one project.