Hi
When you build role by transaction assigning, system gives you only authorization objects set in configuration as "proposal" (SU24).
For PA20 it can be P_ORGIN-AUTHC=R with all other fields empty.
Technically in ABAP programs authorization check code is placed for specific authorization object values.
If user have any role with P_ORGIN-AUTHC=W the system lets you go forward in PA30, if not - authorization error - no access.
Regards
Przemek