What is the authorisation object that is triggering the no authorisation message? Use SU53 for this information.
As a general principle, if a user needs an authorisation to do a task for which there is a business requirement, they are given the authorisation. Presumably there is a business requirement, so the authorisation concept should be updated.
Use of unreleased function modules is not supported by SAP; so it is not a good idea.
I would return to the client and tell them the options are
1) Modify the authorisation concept - fully supported by SAP
2) Suppress via SU24 - which will cause a massive stink if the client has an external security audit
3) Use unreleased function modules which are not supported by SAP
Then see what their response is. Usually a business requirement trumps everything, and suddenly option 1) becomes acceptable.