Hi
In standard there is no common authorization check against table column.
It depends from program code.
You can create your own Z* to achieve this.
Another approach is to use some kind of gateway SAP<->DB.
Software which monitor DB commands from SAP and block restricted to some users actions.
I think Guardium for DB2 can do this.
Regards
Przemek