Vijay - I don't believe that there is a technical solution by using the SAP Authorisation concept for this. We have controlled this scenario by embedding the Firefighter tool. In summary, the Security Team have to invoke the Firefighter process to modify accounts in the Basis and Security functions. The activities are logged, which is the control to monitor which accounts are being modified.
All user maintenance transactions are not allocated the SAP Accounts.
The methods that are called by SU01 perform a check on User Groups versus individual users. To fulfill your requirement, you would need to build a custom solution, i.e. perhaps a user exit that performs this check in addition to utilizing a custom auth object.