≡ Menu

Authorization Groups in SAP

Authorization groups

Authorization groups are described as authorization field as they secures tables and programs. The SAP system ensures that only authorized users has to access the system to a particular data. It very important for every organization to protect confidential data against unauthorized access so it is important to concentrate on usage of authorization group.  For example Tables are secured with table authorization groups by defining authorizing groups in table TBRG.

By using t-code “SE11”  table authorization groups are defined for assignment of individual tables.

Authorization Groups in SAP

Let check different types of tables of authorization objects, such as TOBJ table, TACT table, TBRG table.

TOBJ Table

Enter transaction code SE16 in command field and enter, enter table name in the field and press enter.

tobj table

Click on execute (F8).

Authorization Groups in SAP tobj table

Here you can see that table contains all the objects, fields, fixed columns and each field having activity as well as fields.

Authorization Groups in SAP tobj table overview

Tact table: –

Go back and enter tact in the table name. It store the information of all activity and it perform on objects that you can create, modify and delete.

In below table image we can check with different activities like create, display, print, lock and so on.

Authorization Groups in SAP tact table overview

TBRG Table

TNRG contains all the authorization groups that provides information about relation between object and authorization groups. In table we can different fields with MANDT, BROBJ, BRGRU and BEZEI.

Authorization Groups in SAP TBRG table overview

Maintain authorization group in TPGP and allocate authorization group to programs that we want to secure in TPGPT. Authorization groups can be assigned to one or more programs, but programs are assigned to only on authorization group. We can assign program authorization group in program by using transaction code “SE38 and SA38” in SAP.

So the user requires authorization to authorize the authorized program with fields that containing authorization groups. In this way we can restrict the unauthorized user to access the data and securing the confidential data.