Hi!
I created the role with transaction MD01 only.
System generated two Authorization Objects:
1. S_TCODE - Transaction Code Check at Transaction Start:
MD01
2. M_MTDI_ORG - Organizational Levels for Material Requirements Planning:
MRP Controller (Materials Plan...
Activity types in materials pl MRP: total planning
Plant Unmaint. org. level
Next, I can don't write values of "Plant" or "MRP controller" in Authorization Objects M_MTDI_ORG. I can even delete Authorization Objects M_MTDI_ORG!
But the user with this role(only this) still can not only open MD01, but successfully complete planning. For any Plant or MRP controller.
Why it don't work? What i can do? I need to limit user authorization and i don't want to create Z-transaction for it 
Thank you
Best regards,
Evgeniy