User administration (transaction SU01)
Unclear objectives and lack of definition of own security standards
If you want to set the table logger check for multiple tables, you should note that the principles for changing Dictionary objects apply, i.e. you will generate increased system loads in running systems. Therefore, you should make both the modification and the transport of the changes outside of business hours. The SAP system only provides customising tables for table logging by default; so you don't have to worry about performance. Tables that serve to customise typically contain relatively little data that is rarely changed. However, you should not turn on table logging for tables that are subject to mass changes, as there may be performance and disk space issues. This applies to tables with root or movement data. After all, if table logging is enabled, a log entry in the DBTABLOG table is generated for each change to the contents of a logged table.
SAP NetWeaver 7.31 introduces a new method for determining affected applications and roles by timestamping (see tip 45, "Using the timestamp in the transaction SU25"). With the Support Package 12 for NetWeaver Release 7.31 and Support Package 4 for NetWeaver Release 7.40 from SAP Note 1896191, the Expert Mode function for taking SU22 data for step 2 has been added.
General authorizations
You probably know this. You find a specific customising table and you don't find it. Include the tables in the guide and they are easy to find. Customising is used by almost every SAP customer. Custom customising tables are created and standard programmes are extended. A custom programme that uses customising is written quickly. Project printing often lacks the time for sufficient documentation, for example in the SAP Solution Manager. The easiest way is to find customising tables where they are in the SAP standard: in the SAP Introductory Guide (IMG).
It must be clarified in advance what constitutes a recognized "emergency" in the first place and which scenarios do not yet justify activating the highly privileged user. In addition, it may only be approved and activated after a justified request and only under the dual control principle. After use, it must be administratively blocked again immediately.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
First, however, you must ensure that SAP Notes 1648187 and 1704771 are installed in your systems.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
These files are called *.pse and cred_v2.