Authorization group in SAP is a client’s specific key created in a master record or in the customizing settings of the Funds Management and can be specified in a certain authorization objects in Fund Management while defining authorizations. It simplifies the grounding of an authorization concept in funds management by assembling as one the authorizations meant for a master record. Authorization group agree to extended authorization protection for a particular object and are defined directly in the relevant master records or customizing settings. They occur in authorization object together with an activity.
Creating an Authorization Group
TOBJ is the table that contains all the authorization objects while TACT is the table that includes all the activities and TBRG is the table that contains the definitions of the entire authorization group. It also contains all authorization group and provides information about the familiarity flanked by authorization group and the authorization object. Also note that, TBRGT is the table that defines all the description of the authorization group and BRGRU a field name for an authorization group and is used to create supplementary restrictions on authorizations.
On the other hand, there are fields that must be checked to authenticate user authorizations. The group is one of the two authorization fields. In authorization object, the object S_TABU_DIS in object class BC_A is used for maintaining tables. It also controls access using the standard table maintenance tool.
S_TABU_DIS is an authorization object that has the DICBERCL fields which is an authorization group with maximum field length of four characters and ACTVT field used to display the table content. One can define authorization group under basic data in the master record of commitment items, fund centers and funds and also for the Fund Management account assignments in the authorization object S_TABU_DIS.
In general, SAP standard tables are assigned to authorization group and at the same time these assignments can be changed. You are able to assign tables manually to an appropriate authorization group. When doing this, first start Transaction SM30 for the maintenance view V_DDAT then create an entry used for each of these tables. In V_DDAT and store the assignment of tables used to view authorization group in sap. It is also a cross-client, for that reason it can be used and viewed in all clients.
When creating an authorization group, you will rely on the requirement; In other cases, for table authorization, the groups must be available in a custom table before they are used. At times, authorization group are merely created when they are assigned to the object in a standard maintenance transaction like the vendor master data, customer master data, material master data and many more.
What should be noted about this creation is that if you do not make a selection, all tables that are maintained in customized transaction are assigned to authorization group.
Authorization group in sap are for all intents and purposes labels that you assign to objects like tables, programs, master data and such like objects, but they permit authorization checks for right of entry to the object with the label.