The most important tables in SAP authorization management

In SAP, tables are a very effective way of obtaining information in daily authorization work. They contain all relevant data stored in the system about roles, users, etc.

An overview of the most helpful tables can be found here:

Tables about roles

AGR_1016Activity group profile name
AGR_1016BName of the activity group profile
AGR_1250Authorization data for the activity group
AGR_1251Authorization data for the activity group
AGR_1252Organizational level for the authorizations
AGR_AGRSSingle roles in composite roles
AGR_DEFINERole definitions
AGR_HIER2Structure information of the menu – customer version SAP roles
AGR_HIERTTexts for the role menu
AGR_OBJAssignment of menu nodes to the role
AGR_PROFProfile name for the role
AGR_TCDTXTAssignment of roles to transactions
AGR_TEXTSStorage structure for hierarchical menu – customer
AGR_TIMETimestamp for role (menu, profile, authorizations)
AGR_USERSAssignment of roles to users

Tables for general authorizations (Customizing)

DEVACCESSTable for development users (developer key)
PRGN_CUSTCustomizing settings for authorization system
SSM_CUSTSetting values for Session Manager / Profile Generator
TOBJAuthorization objects
TOBJCClassification of authorization objects
USOB_AUTHVALTRCResult of authorization trace
USOB_MODApplications for Upgrade Profile Generator
USOBHASHAuthorization trace for services: Hash values
USOBTRelation transaction – authorization object
USOB_CRelation transaction – authorization object (customer)
USOBT_CDChange history of authorization default values for
field values
USOBT_TSTMPLocal time stamp of the last SAP change (USOBT)
USOBXCheck table (for table USOBT)
USOBXFLAGSTemporary table for storing the changes in table USOBX/T*.
USOBX_CCheck table for table USOBT_C
USOBX_CDChange history for check indicator
USOBX_TSTMPLocal time stamp of last SAP change
USORGOrg levels for profile generator
USR_CUSTCustomizing settings for user / authorization system

Tables about users

USER_ADDRGenerated table for view USER_ADDR
USGRPUser groups
USH02Change history for logon data
USL04COA: Assignment user to profiles
USLA04COA: Assignment user to roles
USR01User master (runtime data)
USR02Logon data (kernel-side usage)
USR04User master: Authorizations
USR06Additional data per user
USR10User master: authorization profiles
USR11User master: Texts for profiles (table USR10)
USR12User master: Authorization values
USR13Short texts for authorizations
USR40Table for forbidden passwords
USRBF2User buffer contents for fast RFC logon
USRBF3User buffer contents for fast RFC logon
UST04User master records
UST10CUser master: collective profiles
UST12User master: authorizations