A Deep Dive into Using TDDAT_COMPARE for Table Authorization Group Alignment
Simplify the way you are managing authorizations groups in SAP
Is your SAP system audit-ready when it comes to table-level security?
In many landscapes, mismatches between custom and SAP-delivered table authorization group assignments go unnoticed—until an audit exposes them. With increasing scrutiny on data access controls, staying aligned with SAP standards is not just good practice—it’s a compliance imperative.
This powerful report helps you quickly identify and reconcile discrepancies, ensuring your system is clean, consistent, and defensible during audits.
In SAP systems, maintaining consistent and secure table authorization group assignments is crucial for data integrity and access control. One of the lesser-known but highly effective tools in this context is the SAP standard report TDDAT_COMPARE. This blog explores how to use this program efficiently and why it plays a vital role in post-implementation and support package scenarios.
What is TDDAT?
The table TDDAT stores the assignments of SAP tables to authorization groups. These groups play a critical role in controlling access to tables via authorization objects S_TABU* such as S_TABU_DIS, S_TABU_NAM etc.,
However, during system upgrades, support package imports, or SAP Note implementations (via SNOTE), discrepancies can arise between the current system’s TDDAT entries and those delivered by SAP standard. This misalignment can lead to data inconsistencies and potential authorization risks.
Why is TDDAT_COMPARE important to use?
When SAP delivers updated table authorization group assignments through support packages, it cannot directly overwrite existing TDDAT entries. This is intentional—to avoid overwriting customer-specific changes.
As a result, manual verification is required, but combing through every affected table is tedious and error-prone.
This is where TDDAT_COMPARE becomes essential. The report automates the detection of mismatches and provides you with a side-by-side comparison between:
What’s in your system currently, and
What SAP recommends as the standard.
With just a few clicks, you can align your TDDAT entries with SAP’s recommendations—saving hours of manual work and ensuring consistency across your landscape.
Let’s understand with an example:
Imagine the table USR02 is currently assigned to authorization group SC in your SAP system. After applying a support package, SAP recommends it should be reassigned to SPWD. Manually identifying this change is time-consuming, especially when multiple tables are impacted.
By running TDDAT_COMPARE, you can instantly see all such mismatches, like:
This empowers you to review, validate, and implement all relevant changes efficiently and selectively.
How does this program work?
TDDAT_COMPARE compares the table authorization group assignments delivered by SAP via support packages with the data in the system and will synchronize table authorization assignments for table with the SAP Standard recommendations. However, you can choose which of the proposed changes to implement.
NOTE: It is recommended to use this report after importing a support package to check the table authorization group assignment.
Further information about the program:
Once you run the program in your SAP system, it displays a list of table authorization groups that deviate from the SAP standard as shown below:
To make the required changes i.e., update the table authorization group, select the line-item and click “Comparison” button.
Once you click this button you will be prompted to create a workbench request. You need to capture the changes into the TR and give the target system in which you wish to make the same adjustments.
This reduces time by eliminating the need to run the report in each of your SAP landscapes.
CAUTION: These adjustments can have a considerable effect on your table authorization concept. Before making the changes make sure you have selected the line items properly.
By double-clicking the authorization group fields you can check the usage of the selected authorization groups in roles.
Additional Features of the Report
Extended List: Shows all tables where SAP has made proposals, including those already aligned.
Standard List: Displays only the tables with mismatches. This is typically the most relevant view.
Set Status: Creates a timestamp indicating when the comparison was performed—useful for audits and documentation.
Usage Check: By double-clicking an authorization group, you can review all roles using that group and their user assignments. This helps assess the impact of each change.
Final Thoughts
The TDDAT_COMPARE report is a valuable but often overlooked tool in SAP Basis and Security operations. It simplifies the process of ensuring your table authorization group assignments align with SAP’s standards, especially after support package implementations or SAP Note corrections.
Integrating this check as part of your post-patching or release QA process can enhance system consistency, reduce manual effort, and improve audit readiness.