If you do it for security purposes, that might be alright. But you don't monitor the work performance of one/every employee with every transaction (and time-stamps on that) without the consent of said/every employee.
I can't think of a SAP-using country where this doesn't have legal implications.
Message was edited by: Mylene Euridice Dorias Just to clarify: security purposes means external calls, RFCs, the use of an emergency user etc. It does not mean: all users regardless.