1.Line Oriented Authorization Check for Custom table:
Goto following menu path from SPRO Transaction: customizing entries in the IMG under SAP NetWeaver/SAP web application Server
à Application Server àSystem Administration àUsers and Administration à Line-oriented Authorizations.
Step.2. Click on Define Org.Criteria:
In here create new criteria by pushing the “New entries” button.
In this example we will like to control access based on the key field Country, in order to do so create a criteria called Z_Country_Grp,
with the name Country Grp. If we flag the table-ind flag the criteria will affect maintenance of all tables whose key fields are related to the domains specified in the attribute later.
In this example we only want to control the access to the specific table ZMYTABLE – so we will leave it blank
Step.3. Save the entry and assign it to a transport request.
Now mark the created line and switch to attributes
Create a new entry with the data shown below.
Save it and assign it to the transport request.
Notice that you can have up to 8 organizational criterion attributes.
Now we need to assign a table and a field to our attribute
In order to do so mark the attribute and switch to Table Fields
In here create a new entry and assign, in this example, the table ZMYTABLE, and the field name country to the attribute.
Please notice that only Key fields can be used !
Save and assign to transport request
Now we are ready for activating our organizational criteria – this is the second bullet in the IMG
Just check the active flag and the check is activated.
--x---
Incorporate the authorization object in a role
We have now implemented the authorization check; next step is to implement it in the required roles.
In this example I have created a parameter transaction – ZMYTRANSACTION - using SM30 around the table ZMYTABLE. I have create a small test role ICC_TEST, including only the transaction ZMYTRANSACTION, and a few “support” transactions.
In the authorization part – I have inserted the object S_TABU_LIN manually – (best practice is of course to assign it in SU24), but a manual insert will also do the trick J
Now when we change one the authorization fields by pushing the pencil – the profile generator will ask us for the criteria.
Here we chose the Z_COUNTRY_GRP criteria that we have created.
We’ll now get the following popup, in this case we will grant change access, so we choose 02 – Change for activity
In the list below we’ll see the Organizational Attributes that we have created – we have the option to use up to 8 attributes – in the example we had only defined one attribute – “Country Grp” - we assign the value DK – thus only granting access to records with DK in the key field country.
To transfer the selection back to the profile generator press th transfer button 
or press F5.
Now we just need to generate the profile and assign it to a test user.
Now when this test user signs on to and executes the transaction only entries for Cty DK is displayed.
If the transaction is executed by a user with SAP_ALL all records are displayed,
