Whenever a transaction is started, the kernel uses the transaction code as the value to check against the authorization object. This check always takes place (from Rel. 3.0E) and cannot be deactivated by the developer.
The authorization object checks the following fields:
TCD Transaction code
Specific Use Cases
UC00016— How to define authorization object S_TABU_DIS to access transaction / table AISUSER?
UC00038— Manage Access to Business Rule Framework plus Workbench UI