Authorization Groups in SAP - SAP Security Training Tutorials

Last Updated on August 13, 2022 by admin

What are Authorization groups?

Authorization groups are described as authorization fields as they secure tables and programs. The SAP system ensures that only authorized users has to access the system to a particular data. It is very important for every organization to protect confidential data against unauthorized access so it is important to concentrate on the usage of the authorization group. For example, Tables are secured with table authorization groups by defining authorizing groups in table TBRG.

By using the t-code “SE11” table authorization groups are defined for the assignment of individual tables.

Authorization Groups in SAP

Let’s check different types of tables of authorization objects, such as the TOBJ table, TACT table, and TBRG table.

TOBJ Table

Enter transaction code SE16 in the command field and enter, enter the table name in the field, and press enter.

tobj table

Click on execute (F8).

Authorization Groups in SAP tobj table

Here you can see that table contains all the objects, fields, and fixed columns, and each field has activity as well as fields.

Authorization Groups in SAP tobj table overview

Tact table: –

Go back and enter tact in the table name. It stores the information of all activity and it performs on objects that you can create, modify and delete.

In the below table image we can check different activities like create, display, print, lock, and so on.

Authorization Groups in SAP tact table overview

TBRG Table

TNRG contains all the authorization groups that provide information about the relation between object and authorization groups. In table we can different fields with MANDT, BROBJ, BRGRU and BEZEI.

Authorization Groups in SAP TBRG table overview

Maintain authorization group in TPGP and allocate authorization group to programs that we want to secure in TPGPT. Authorization groups can be assigned to one or more programs, but programs are assigned to only on authorization group. We can assign a program authorization group in the program by using transaction code “SE38 and SA38” in SAP.

So the user requires authorization to authorize the authorized program with fields that contain authorization groups. In this way, we can restrict unauthorized user to access the data and securing confidential data.