Tuesday, November 21, 2006

Authorization Checks

What is the use of Authorization Checks?
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
The following actions are subject to authorization checks that are performed before a program or table maintenance starts, and that SAP applications cannot avoid:
· Starting SAP transactions (authorization object S_TCODE)
· Starting reports (authorization object S_PROGRAM)
· Calling RFC function modules (authorization object S_RFC)
· Table maintenance with generic tools (authorization object S_TABU_DIS)

In coming posts, we will see how to add authorization checks for reports and transactions.
Today we will discuss table authorization checks.

Purpose of assigning authorization groups for tables:
You can assign authorization groups to tables to prevent users from accessing them with general access tools (such as transaction SE16). A user needs not only authorization to execute the tool, but also authorization to access tables with the relevant group assignment. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.

Now we will see how to create and assign an authorization group for a table:
Go to SE54, enter the table name, choose "Authorization group" and then click Create/Change. You can create an authorization group there.
Example:
You can assign a table to authorization group Z001 (use transaction SM30 for table TDDAT). A user who wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z001 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
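
As an added example (not code from the original post), the ABAP report below reproduces the lookup described above: it reads the table's authorization group from TDDAT and then checks S_TABU_DIS for the current user. The report name Z_CHECK_TABLE_AUTH and the default table ZDEMO_TABLE are hypothetical; the ACTVT values (03 = display, 02 = change) and the fallback group &NC& for unassigned tables are not stated in the post and are assumed from standard S_TABU_DIS behaviour.

```abap
REPORT z_check_table_auth.                        " hypothetical report name

" Table whose protection we want to inspect (hypothetical default value).
PARAMETERS p_tab TYPE tabname DEFAULT 'ZDEMO_TABLE'.

DATA lv_group TYPE tddat-cclass.

START-OF-SELECTION.

  " Step 1: read the authorization group assigned to the table in TDDAT.
  SELECT SINGLE cclass FROM tddat INTO lv_group
    WHERE tabname = p_tab.

  IF sy-subrc <> 0 OR lv_group IS INITIAL.
    " Assumption: tables without an assignment are checked against
    " the group &NC& (not classified).
    lv_group = '&NC&'.
  ENDIF.

  WRITE: / 'Table:', p_tab, 'Authorization group:', lv_group.

  " Step 2: check S_TABU_DIS for display access (ACTVT 03).
  AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
    ID 'DICBERCLS' FIELD lv_group
    ID 'ACTVT'     FIELD '03'.

  IF sy-subrc = 0.
    WRITE: / 'Display (03): authorized'.
  ELSE.
    WRITE: / 'Display (03): NOT authorized, sy-subrc =', sy-subrc.
  ENDIF.

  " Step 3: check S_TABU_DIS for change access (ACTVT 02).
  AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
    ID 'DICBERCLS' FIELD lv_group
    ID 'ACTVT'     FIELD '02'.

  IF sy-subrc = 0.
    WRITE: / 'Change (02): authorized'.
  ELSE.
    WRITE: / 'Change (02): NOT authorized, sy-subrc =', sy-subrc.
  ENDIF.
```

Running it for a table assigned to Z001 under a user whose profile lacks Z001 in DICBERCLS should report both activities as not authorized, which is a quick way to confirm the TDDAT assignment is effective.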
