Hi Debajit,
shame - that means you also don't have anybody, who can do full reporting?
last resort would be the authorisations BAdI, but that's a big task, if you are not using it already for other tasks. Also: it only works, if PU00 uses PNP or PNPCE and doesn't have hard coded auth checks - there is some hope this is the case as the Modul pool assigned is SAPMP50A - the same as transaction PA30, but you never know, what happens in the background.
Prepare your management for an unpleasant wake-up call, when they have to move to the cloud. SaaS usually doesn't accommodate paranoia-driven worst practice as easily as on-prem where you can change all the coding 
best of luck (you'll need it for the management, not the system)
Sven