LiveCompare table security
The LiveCompare function which retrieves SAP table metadata checks for the authorization object S_TABU_DIS; if that check fails, the function checks for authorization object S_TABU_NAM.
SAP_TABU_DIS secures tables on the basis of permissions:
ACTVT (Activity)
- 02 (change) and/or 03 (display)
DICBERCLS (Authorization group)
Authorization groups are delivered by SAP and may contain one or more tables. Customers may also create their own authorization groups. If a user is assigned a particular group in S_TABU_DIS, they can only access (display and or change) the tables in that group.
The S_TABU_NAM authorization object may be used to avoid a limitation of S_TABU_DIS, where all the tables in an authorization group have the same access. An example scenario might be to give display access to all the tables in an authorization group, but restrict write access to just one particular table in the authorization group.