I have recently conducted an User Access Review in SAP and have a number of users who have access to multiple SAP Modules (provisioned collectively via CUA) and, as an outcome of the review, one of those modules requires removing from the users profiles. I planned to remove the access to the particular Module (I'll use FI as an example), however the SAP Security Administrator has advised that if I remove the system in SU01 in CUA via the system tab, the logs of the users activity history will be lost as a result, is this true?
Is there away around this and/or what is the most secure approach to removing a users access where a user has access to multiple modules but only require the removing of 1 users access?