Robert is right in stating that you should only focus on following authorisation objects:
CRM_ORD_OP (this does not really limit on transaction type itself, but using this, you can give access to any document type supposing you are maintained in a predefined partner function within a particular business transaction (e.g. employee responsible)
CRMD_ORD_PR (limit on proces type and activity)
and
CRM_ORD_LP (based on org model assignment where you can limit also on proces type and activity
your requirement to be honest is peanuts, which I have realized dozens of times..but you have to understand how to model a complete authorisation concept in CRM WEBUI 7.0 , which involves designing a concept based on business rol config / config key, navigation bar profile/ and standard authorisation objects behind your navigation links which basically are external services.
If you need to learn more about CRM authorisations, you are welcome to visit my blog
sapuniversity.eu where I posted dozens of articles specifically on CRM authorizations
cheers
Davy