Yes the total authorization concept is an intersection of structural and general authorizations. The difference however, is that you could think of it the following way:
Structural authorization provides the authorization for whom (i.e. the population of employees) you can change data, whereas general authorization provides authorization for what data can actually be changed.
Of course, general authorization also provides for a distinction of which groups of employees you can change/display data for, so you should think of structural authorizations as an additional tool to authorize for specific groups of employees.
The maintenance flag (checkbox) only influences which objects returned via the structural profile & evaluation path can be maintained. It's competely unrelated to infotypes in PA30.
In short and simplified:
Structural authorization determine WHO you can make changes for.
General authorizations determine WHAT you can change.
Now onto your issue. If this is the only role with the P_ORGIN object assigned to your testuser, then it should not be possible that this user has any write authorization at all.
The P_PERNR object as you have created it, only excludes this user from changing his own IT0008 records. So there should be additional authorizations assigned to this user one way or another... 
Are there any other infotypes that this user is allowed to maintain?
Hang in there, we will figure this one out 
Regards,
Dimitri