Hi Jonathan,
Access to specific tables could be restricted using authorization object S_TABU_DIS. It enables authorization checks for displaying or editing table content and includes access through the Customizing system. The DICBERCLS field in this object contains the authorization for tables according to the authorization groups defined in table TDDAT.
You need to check the table name where tolerance group stored and then you can assign the table into security auth group.Then this security group can be added in object S_TABU_DIS for restriction.
Regrads,
Varun Jain