Hi Experts!

We have audit requirement to review all direct changes/update made during client opening period. Does SAP suggest best practice for client opening process ? For example locking all other users during client opening period. Or do we have any option during client opening process which address the direct config security threat for cases where other users are not locked.

This is not a technical issue but a query on best practices for direct changes in production system. For example number range update using tcode SNRO. Such direct changes require client setting to be changed from SCC4 & SE06 tcode . (Done by basis team)

Audit control checks all direct changes done in production system and client opening instances.

During client opening we have risk of unauthorized changes done by other users during client opening period. Because system become venerable during the period. So what is SAP suggested best practice to handle such situation ? Does all other users required to be locked during the period ?

In tcode SCC4 there is an option for "changes and transport for client specific object " - "Automatic recording of changes" Does this option help to capture audit trail for direct changes ? Or if its possible to generate audit trail for direct config changes