Hi Krishna,

What S_TABU_NAM does is providing authorization for tables by table name instead of auth group of that table, for example you have given 03(display) activity for authorization group ZZ in S_TABU_DIS, now there is a table ABC which has auth group ZZ and you need change access to it so we add S_TABU_NAM with 02 activity and give table name as ABC. This way you can protect other tables of that auth group and give access only to the intended data.

S_TABU_DIS has two fields:

Activity    - to define the kind of access for the table authorization group
Table Authorization group - contains the table authorization group for which the access specified in activity is given

All the tables belong to some authorization group. The tables that does not belong to group are grouped under authorization group &NC&

S_TABU_NAM has two fields :

Activity    -  to define the kind of access for the table Name
Table Name   - Name of the table to which the access specified in activity is given

S_TABU_CLI has one field - CLIIDMAINT which can have value

X  - if client independent tables access is givev
' '- if client independent tables access is not given

When accessing any table via SE16, SE16N, SM30 etc the authorization check for S_TABU_DIS is checked first.

If auth check is successful, access is granted as specified in activity(02 for change and 03 for DIsplay)
If auth check is failed, auth check for S_TABU_NAM is done.

If S_TABU_NAM auth check is success, access is granted as given in activity specified in S_TABU_NAM.
If S_TABU_NAM auth check is failed, access is not granted.