SAP Table is a Critical piece in the SAP Audit Compliance. The auditor should identify all the custom tables in the SAP System. The First Step is to find the authorization group of the Table. This can be done with transaction SE11. Enter the table and click on Display button. Then click on Table Maintenance generator from the utility menu to display the Authorization Group of the table.
If you want to get the list of all the tables and their authorization group and the table TDDAT has the link between Table and auth group. With this list, you can identify the table without authorization group, misrepresented authorization groups and right authorization group. You may need to get help from the functional team to understand the right authorization group. It is good to identify the sensitive vs the non-sensitive and also functional team so you can clearly articulate which role can have access to the tables
SAP Table Authorization Concept
Table creation is controlled by S_DEVELOP which is checked when the users use transaction SE11. for using the transaction in the creation mode the user has to be registered and have a developer key.
SAP Table data entry is controlled be S_TABU_DIS and S_TABU_CLI ( Client Independent table) The transaction which can help the user enter data into the table are SM30, SE16, SE16N). SE17 can purely display the transaction.
The SAP Authorization group S_TABU_DIS has Activity and Auth group fields
The SAP Transaction SE54 is used to assign authorization group to the table