13 Jul 2018

SAP’s new Indirect / Digital Access Model. Stick or twist?

THE BOTTOM LINE –

“SAP’s new indirect access model gets rid of Named User licenses for indirect access and is fully based on documents created. This raises the choice between staying with your old model, or going with the new model.”

Depending on your contract and your scenarios, the cost difference between the two choices can be substantial and it can fall either way. You can make an informed decision by reviewing your indirect access use cases against both models. SAP is developing a measurement tool for indirect access, so they are serious about compliance on this topic.

What’s new, What’s the fuss?

April 10th, SAP has finally come out with a new licensing and pricing model for indirect/digital access. The move addresses long-standing confusion among SAP customers on this topic. SAP also aims to calm their customer base after their successful high profile €60M court case against Diageo, and the settled $600M claim against Anheuser-Busch InBev.

There have been lots of reactions to the news and the accompanying organisational changes, mainly on a high level and to the extent that it’s a step in the right direction but much remains to be worked out. Now the dust has settled, I will dive a little deeper into the practicalities and argue that all SAP customers will have a complicated and impactful choice to make between staying with the old model or going with the new.

First, what has changed in the new model?

Named User licensing for indirect access is out the window. So far, human access has been the basis for licensing, at least in a large majority of indirect use cases. Not anymore, welcome to Document-based licensing. It is very similar to the latest licensing of Order-to-cash (O2C) and Procure-to-Pay (P2P), which are based on the sales order and purchase order documents when entered indirectly into S/4HANA.

SAP customers will have a complicated and impactful choice to make between staying with the old model or going with the new.

O2C and P2P will be morphed into one new Document-based model, together with 7 further functional areas (e.g. manufacturing and financial) which were previously licensed by Named Users. Documents in any other area will be free-of-charge. Also new is that the 9 areas will count towards one single license type, the Digital Access Document. There is still some pricing differentiation between the 9 areas in how they are counted.

The next big change is that only the initial creation of documents is counted. Subsequent reads, updates and deletes are included. High impact! I have assessed many hundreds of indirect access cases and of those which needed a license, a very large portion had to do with users changing or reading existing documents. Those would be free-of-charge in the new model.

SAP highlighted many times that automatically created follow-up documents are free-of-charge. For example, you would pay for an initial sales order, but not for the following invoice if this was created automatically without more external input. This may sound good, but you will still need a second license when a follow-up document is triggered by external input. Whereas in the old model you can recycle a Named User license over multiple use cases.

Do I like the new model? Well, I like that it’s an outcome-oriented model, counting actual business value. Also, the concept is simplified.

The new indirect access measurement functionality will have many complications, but SAP will use it to chase revenue nonetheless.

On the other hand, I am worried about the vital practicality of counting the beans. It will have to be determined which documents have been created via an external interface (new Document licensing), versus those created in SAP (Named User licensing). For the 7 years, I spent as a licence auditor at SAP, the sales order processing measurement was declared ˝unreliable”. Then about 2 years ago, the long-awaited and by SAP sales execs much-anticipated new functionality finally became available – only to be downgraded by SAP to “unreliable” a few months later… This serious difficulty will now be extended to all 9 indirect access areas. Be prepared that as a customer, you will end up having to do the work of counting correctly. Still, you can rely on SAP to use the measurement to start a discussion on indirect use, even if you remain on the old model.

Also, SAP have not published the list price of the Document license, but I expect it to be rather high. We’ve seen in the indirect use roll-out of May 2017 that the prices for sales orders skyrocketed by a factor of 6 to 300 for B2B and 2 to 10 for B2C, and purchase orders by a factor 5 to 25, depending on which volume tier you’re looking at. The fact that sales and purchase orders will be counted per line item in each order must result in some reduction of the unit price. I expect the Documents to be priced a few times higher than the pre-2017 sales orders.

How about the old model?

SAP have stated the obvious in that customers can choose to stay with their current contract and user-based licensing for indirect use. Given the complications outlined above, aren’t you better off just staying with the old model? Well, you would continue to pay for scenarios where documents are indirectly changed, read or deleted, unlike under the new model. As said, this affects a large portion of indirect scenarios, so this aspect has the potential for very substantial savings when changing to the new model.

Another point is that your indirect use may have been under the radar for a long time, but with the new measurement functionality planned for release in November 2018, this will likely change. It won’t matter if the indirect use will be measured in the metric of the new model or that it’s inaccurate, if there’s a lot of smoke then SAP will start looking for fires. Currently, if you review your indirect access cases and proactively approach SAP to solve compliance gaps- any back maintenance will be waived; whereas this is unlikely if gaps are uncovered in the annual audit via the new measurement.

SAP has also published an indirect access audit practice for the old model. The aspect I find most interesting is that SAP will not pursue licenses for creating and changing non-transactional data – that’s any data which is not business-process centric, rapidly changing or event-driven. A substantial concession!

As part of the audit practice, SAP have formulated an indirect access assessment decision tree. I am skeptical of its accuracy. If you follow it for the example of automated writing of sensor data to SAP, the tree would tell you that you need a dedicated license. In my opinion, such fully-automated use cases do not need an indirect use license under the old model, as a Named User is for human individuals (though great care is needed in assessing such scenarios). So on this aspect, the new model is worse as it requires a Document license.

Coming to the crux of the matter, SAP has outlined 2 options for moving to the new model: 1) license exchange within your current contract and 2) contract conversion. License exchange means that you will get a credit (of up to 100%) of licenses you no longer need for indirect access (users, sales orders and purchase orders). Contract conversion is quite drastic and means moving to S/4HANA with a whole new contract.

In a webcast by the Americas’ SAP Users’ Group, I heard that SAP are not unwilling to consider mixed legacy/new licensing on a case-by-case basis. Very interesting! I see how this could be very advantageous depending on the customer situation and I think it can be done without adding much complexity.

I envisage a few tricky scenarios as customers sign new agreements. For example, what happens if you stay with the old model and at some stage sign a new agreement for unrelated products? We advise SAP customers to read all the fine print, to ensure that they don’t inadvertently sign up to the new model, especially regarding indirect use scenarios with a go-live after April 2018.

The third option is to do nothing. Decision time!

Should I stay, or should I go?

An informed decision whether to stay with the old or go with the new will require careful review of all scenarios against both the old and the new model. Even if you are compliant now, you may uncover more surplus assets and take the one-time opportunity of trading this in for a new roll-out, e.g. a new cloud application. Normally this opportunity only exists when you make a substantial new investment.

Summarising the main benefits and drawbacks, I currently see that the old model performs better on fully-automated indirect access scenarios, price per document (O2C, P2P), and multi-scenario double-licensing. The new model scores better on the scope of licensable activities (document creation only), the scope of functional areas, simplicity of concept and measurement functionality (however poor it may be).

Both models have grey areas in assessing if (and how) indirect access needs to be licensed, but in my opinion, the new model is in this aspect.

How this all pans out for you will depend heavily on your system architecture and your current contract. It will also depend on the list price and on which discount can be negotiated. Your appetite for S/4HANA and your roadmap may make the difference.

Some attention points

1. The old model: Keep paying for changing and reading data, mainly via user licenses. Writing of non-transactional data will be waived.

2. The new model: Document-based licensing. Limited to 9 functional areas. Creation of documents only.

3. New measurement functionality for indirect access is planned for Nov 2018. Back maintenance probably won’t be waived if discovered in the annual audit.

Take away message

Ignoring the new indirect/digital access model is not a good idea – the new measurement functionality may uncover pre-existing indirect use you were not even aware of, whereas compliant customers may miss out on an attractive opportunity.

Evaluate your indirect use cases against both the old and the new model.

 

Share this
14 Dec 2017

SAP Indirect Access Licensing As It Is Today

The SAP Indirect Access landscape has changed. Over the past two years, we have seen high profile court cases, the emergence of big disputes through the media, and landmark announcements from SAP on pricing models.

With the Diageo and ABInbev cases allegedly exceeding a combined $675 million it is plausible that since the Diageo case emerged in February 2017 that claims could have topped the $1 billion mark.

In this article, we give our view on all the current market factors with a view to bringing together a balanced view of where SAP customers stand. This is our ultimate guide to SAP indirect access licensing today.

Why listen to JNC? Some of the biggest global SAP users, law firms, and consultancies that we have worked with willingly and consistently testify that JNC is the leading experts in SAP licensing and more specifically SAP Indirect Access.

Indirect Access as it is today

Indirect Access is a bit of an overused phrase. In reality, you have licensed the use of third-party applications interfaced to SAP, and you have unlicensed usage. There is no magic license type for indirect usage, where in fact the SAP price list contains package and named-user license types adequate for the purpose. The challenge is knowing what licensing is and isn’t applicable in each case.

The question normally asked of us is: “do we have any indirect access”. The concern is that if the answer is yes that it’s going to cost you big, which isn’t necessarily the case. It’s highly likely that most medium to large scale enterprise will have third-party systems interfaced to SAP. The question should be “do we have the adequate licensing entitlement for the third-party systems we have interfaced to SAP ERP, and how they are being used”. Guess what, you may already have adequate entitlements or maybe just require more of an existing entitlement.

Practical Example

(Hypothetical)- “Web-Order-Central” enters 250,000 externally created sales orders into SAP in addition to the 250,000 entered directly by named-users. The client has the S&SOP package license (applicable if already on your exhibit) and has an entitlement of 300,000 orders. To many, this is a concern due to the shortfall of 200,000. Whereas in fact it could be adequately licensed usage. Where named-users have the right to enter orders into SAP, a unit of S&SOP is typically only required for externally created orders. So the 250,000 orders created by “Web-Order-Central” are covered by the 300,000 entitlement. This issue can be exacerbated by the fact that standard SAP audit tools typically don’t distinguish internally and externally created orders, measuring 500k orders versus an entitlement of 300k, making it look like a risk when the customer’s contracts and entitlements prove that not to be the case. As this is the Order-Cash-Process, apparently SAP’s new policy is not to charge named-users in this case, only the order processing package licensing is required.

Resolving Claims

JNC resolve most proactive indirect access reviews by establishing either a term of use in the contract that supports the usage in question or a package license or surplus of named-user licenses that are adequate to cover the as of yet unaccounted for indirect usage. In some cases, a customer has the right licenses just not the right quantity and the issue can be resolved without any fuss by simply by buying extra licenses in a smart way, for example as part of another purchase for another purpose. There is no need for concern unless unlicensed usage exposure is identified and to what extent. So the bottom line is don’t accept a proposal for indirect usage licensing unless you have read your contracts and checked existing entitlements.

We have successfully defended numerous indirect access licensing claims by identifying terms of use exist in the contract that caters for the usage in question, that somehow had previously remained undiscovered by SAP and the customer. It isn’t always that simple and sometimes we are required to re-frame SAP’s interpretation of the usage in question by clarifying technical and functionally what’s actually going on and why that doesn’t qualify as unlicensed usage under the terms of the contract. Remember, your contract is King.

So indirect access is a contractual issue first, and an entitlement issue second. If it’s still an issue after that and technical changes aren’t feasible then license fees might then be owed to license the usage compliantly in accordance with your contract. Furthermore, if you honour the trust model (disclosure versus discovery) you can avail of the licensing you require whilst retaining discount privileges. Whereas discovery of unlicensed usage by SAP typically results in list prices taking precedence, which could cost significantly more.

Why does Indirect Access even exist?

I have read a lot of SAP bashing around Indirect Access but I have two important points to make that are fundamentally important. The terms and conditions SAP typically rely on to pursue additional licensing fees for the use of third-party systems interfaced to SAP were introduced into contracts to combat license fee evasion. This is where a firm avoids paying licensing fees to SAP by putting third-party application between a group of users and SAP. The same transactions occur in SAP via an interface, only the users don’t have direct access or an SAP login and so “don’t require a license”. SAP is entitled to protect themselves against such practices. Secondly, SAP is entitled to pursue customers for unlicensed use of their software. There is nothing fundamentally wrong with this so long it is done fairly and proportionately. The issue, in our opinion, is this has not always been the case.

The Duke Memorandum, published by a prominent American IP lawyer sets out a legal argument against indirect access licensing policies as anti-trust and illegal: https://www.corevist.com/duke-law-professor-says-sap-indirect-access-license-fees-illegal/. It remains to be seen how this will apply practically and when and if we will see a case effectively argued on this principle.

It appears, apparently, in my opinion, (disclaimer!) that Indirect Access may have been used as an under-hand revenue-generating opportunity and as a beating stick to influence customers to buy into their SAP HANA and Cloud strategies. What do I mean? Well, it is feasible, potentially, (disclaimer!) that SAP could excuse discovered “non-compliant” use of third-party systems in exchange for investment in SAP HANA and Cloud product licensing in order to achieve broader customer alignment to these strategies. We have seen plenty of customers with unused HANA and Cloud license assets that appeared to be tied to a licensing dispute settlement, sometimes as a result of an indirect access audit.

Haven’t SAP become more “Empathetic”?

If you are familiar with the announcement made by Bill McDermott at SAPPHIRE 2017, you will be aware they changed their rhetoric to being more empathetic whilst also balancing the need to protect IP. They also announced that named-user licensing would not be applicable in order-to-cash and procure-to-pay scenarios. There were also some strange caveats in that announcement like “so long as the customer is otherwise correctly licensed” (Hala Zain’s blog). So what if they aren’t? Back to a free for all? I have also been privileged to a document, allegedly leaked from SAP, upon which this announcement was based. The document uses wording such as “commercialisation” and “strategic pricing”. My view of the announcement and the new “modernised pricing”, is that now they have done so, and satisfied the communities calls for transparent pricing, they will expect all customer to come forward and disclose their potentially unlicensed indirect usage and pay up if indeed additional license fees are required.

Indirect Access is an issue primarily where justifiable claims are not proportionate to the business benefit achieved. Where SAP has gone wrong is that in many cases this has not been the case. Namely Diageo, where the claim totalled £54.5m versus a total enterprise-wide investment of in excess of £60m over a 10-year period. Proportionate? Secondly, indirect access is an issue where claims are made beyond the purpose for which the relevant terms and conditions were designed, which results in anti-competition.

Isn’t it OK now that named-user licensing isn’t applicable?

Not if they build the lost named-user licensing costs into the new package license pricing! Remember only a limited number of business processes have been covered so ask yourself, what of all the other scenarios in which third-party applications can be interfaced to SAP? Furthermore, as I currently understand it, the licensing metric now applicable for O2C indirect usage is Sales and Service Order Execution, i.e not Sales and Service Order Processing, and guess what, the S&SOE license is more expensive!

Rather than IP protection, Indirect Access has become anti-competitive and a commercialisation of digital transformation and innovation. Where companies are legitimately seeking to integrate best-of-breed leading-edge technologies because they are more fit-for-purpose than SAP’s own alternative, SAP is in essence double-charging customers. Where licensing fees for these software products are paid, SAP is expecting additional licensing fees due to them as well.

In our opinion, where a tender process is followed with the objective selection of a suitable software vendor, and SAP lose out, they should, in view of fair competition, accept that and move on. The customer pays the chosen vendor the licensing fees due for use of that software and they should be allowed to interface this system to SAP. End of story.

Sadly, it appears, the threat of Indirect Access is still being used to scare customers away from choosing other vendors. Take Salesforce vs SAP C4C CRM, or Workday vs SAP SuccessFactors, or IBM WebSphere vs SAP Hybris. Mentioning no names, I have been informed by a number of software vendors offering competing products to SAP, that SAP sales people are actively using the Indirect Access threat to scare customers away from competing products. How do the vendors know this? Because their customers are constantly voicing their concerns. Personally, I can’t validate this to be true but generally, there is no smoke without fire.

Top Tips:

  1. Do you need a software tool to deal with Indirect Access? No! But they can be useful for interface discovery. Most of our clients themselves opt for a no-tool approach even though we present the options available.
  2. Don’t make rash architectural changes before 1. checking your SAP contracts to be sure it qualifies, and 2. If it qualifies check entitlements to determine if you have adequate coverage.
  3. Don’t be lured into a false sense of security. We may be witnessing the risk of the mass commercialisation of indirect access so there is, in fact, no better time to take action and understand where you stand.
  4. If you have the S&SOP package license already, don’t be fooled into being lured onto the more expensive S&SOE license! Although if you have S&SOP to cover existing processes be sure to examine the use rights when considering what entitlement you need for any new processes.

In my opinion, terms and conditions and license models have been interpreted in a way that allows for large value under licensing claims to be presented, and then aggressively pursued in order to force quick settlements, which themselves are excessive. Customers are complaining about Indirect Access as being unpredictable and unreasonable. With great power comes great responsibility. In SAP’s case, it’s their responsibility to treat customers fairly. Only time will tell if SAP decides to change their stance on the subject and finally put customers fears to rest.

Get Ahead in 2018

JNC is doing a webinar – “Addressing SAP Indirect Access Licensing Risk”, in partnership with the UK & Ireland SAP User Group on Thursday 25th January 2018, from 10:00-11:00 am. As well as other topics we discuss how SAP customers can run Indirect Access Licensing Risk Assessments internally with minimal external support.

If you are a UK&I SAP User Group member click here to sign-up on the user group website.

JNC UKI SAP User Group Webinar

Share this
19 Feb 2017

SAP vs Diageo in £54.5m Indirect Access Court Hearing

Hight Court Judge rules in favour of SAP in Indirect Access court hearing with Diageo

On Thursday 16th February 2017 high court Judge Mrs Justice O’Farrell MBE, ruled that Diageo were liable to pay SAP additional licensing fees as a result of what is broadly known as Indirect Access. Diageo could now face a significant bill for licensing fees potentially in the tens of millions.

SAP brought the case against Diageo in October 2015, looking for £54,503,578 in licence fees, whilst seeking £3,955,954 in interest and back-dated software maintenance charges. Whilst the actual amount due has not been settled yet the case reaffirms the significant risk associated with indirect access licensing for SAP customers, particularly when interfacing third-party applications with SAP ERP.

This case centres around Diageo’s deployment of two systems built using the Salesforce cloud platform interfaced with mySAP ERP via SAP PI (interface engine) giving Diageo sales reps and business customers the ability to carry out sales and ordering related business activities via a web platform as opposed to dealing directly through Diageo’s call centre.

SAP and Diageo signed the initial agreement back in 2004 and the Gen2 and Connect systems, i.e those under scrutiny were deployed around 2011/12. The agreement included a number of clauses which collectively made provision for SAP to charge named-user license fees for users of third-party systems connected to mySAP ERP. The judge decided in favour of SAP ruling that the interaction of these systems with the SAP system constituted indirect access as defined in the contract and that Diageo was therefore liable for additional named-user licensing fees.


The judge decided in favour of SAP ruling that the interaction of these systems with the SAP system constituted indirect access as defined in the contract and that Diageo was, therefore, liable for additional licensing fees.


Part of Diageo’s argument was that the shift from performing these operations through their call centre to the new systems was in principle no different. The judge didn’t disagree that call centre operatives performing these activities on behalf of sales staff and business customers would require named-user licenses, however, in providing these users access to the SAP system indirectly they now required a named-user license as per her reading of the software agreement.

The case is not yet over as the hearing was fixed to make a judgement on issues of liability only and not quantum. Meaning that an accounting exercise is required to determine what licensing is applicable at what price based on the number of users and activities performed by them.

In my opinion, questions could be asked what knowledge SAP had of Diageo’s plans to deploy these systems and what advice or warnings were given to Diageo about the licensing impact. SAP is after all diligent in keeping in touch with customer’s technology road-maps in order to understand customers business needs, sell their products and maximise revenues. If Diageo had known or been made aware of the implications and sought a licensing deal with SAP in advance it surely would have been more favourable. However, once in the position of non-compliance, especially when adjudged by the high court, the leverage to negotiate is diminished significantly.

Ultimately though it is the customer’s responsibility to act compliantly with their software agreement. SAP operates a trust model that makes it possible for customers to deploy new SAP solutions and functionality and add named-users as they grow. However, they must notify SAP of any such usage in advance or within a reasonable timeframe such that the appropriate licensing fees can be paid. SAP is most certainly entitled to pursue customers for unlicensed and unauthorised use of their software. In Diageo’s case, the judge decided that the contract made clear references to the licensing conditions for indirect usage via third-party applications so were the risks properly considered?


Ultimately though it is the customer’s responsibility to act compliantly with their software agreement. SAP is most certainly entitled to pursue customers for unlicensed and unauthorised use of their software.


There are arguments and counter-arguments galore. The bottom line is that customers are responsible for being compliant and need to understand the licensing implications of their SAP technology road-map plans particularly in the case of indirect usage via third-party applications. How many more high-profile cases like this is it going to take before SAP end-users really sit up take notice and take action.

To find out if your organisation could be at risk contact JNC and speak to us about our Indirect Access Risk Assessment, Enterprise Indirect Access Review and Licensing Impact Assessment services.

© JNC Consultancy


Credit to the source BAILII – SAP UK Ltd v Diageo Great Britain Ltd [2017] EWHC 189 (TCC) (16 February 2017).

You can visit the British and Irish Legal Information Institute website by clicking here.

 

Share this
22 Dec 2016

SAP Indirect Access Explained

SAP Indirect Access License Fees Can Be Significant and Unexpected

Interfacing third-party applications to your SAP system could cost you dearly, due to what SAP refers to as Indirect Access usage. Indirect Access has been around for a long time, although in recent years it has emerged as a hot topic in the SAP licensing world.

With claims for unlicensed Indirect Access usage by SAP reaching into the millions, even tens of millions, organisations can no longer afford to ignore the issue. This article addresses the key factors affecting Indirect Access licensing providing guidance on the best way to avoid significant and unexpected licensing fees.


Most people reading about Indirect Access are looking to establish a definition of Indirect Access, how it might affect their organisation, and what they can do about it. As such we have organised this article under logical headings, so you can get the information you need:

  • Indirect Access Definition.
  • Examples of Potential Indirect Access usage.
  • Indirect Access FAQ’s.
  • Addressing Indirect Access Risk.
  • Managing Indirect Access Risk.
  • Indirect Access Conclusion.

 Indirect Access Definition

According to SAP, all usage of the SAP systems needs to be licensed. Indirect Access is a user or third-party application creating, manipulating, or viewing data in the SAP Systems via an interface between the third-party application and SAP. Technically, Indirect access occurs when data communication is executed remotely using SAP’s remote protocol RFC (Remote Function Call). If data is created, manipulated, or viewed in the SAP systems indirectly via a third-party application, that usage needs to be licensed according to SAP’s named-user licensing definitions.

Here’s the definition is taken from the current SAP System Measurement Guide – Version 7.0 (Jan-2017):


Quote:

13.8 Indirect Use

Named users are also upstream and intermediary technical systems that exchange information with the SAP software system, as well as the users of those systems, if the users exchange information with the SAP software in dialogue or prompt mode. It makes no difference whether the software is accessed directly or indirectly (see the indirect use information under section “1.2 Named Users”). In the case of indirect use of SAP software, you should provide SAP with the number of external named users.

1.2 Named Users

A named user is an employee of a customer, of its affiliated companies, or of third-party companies authorised to access the licensed software directly or indirectly, regardless of the technical interface chosen. All employees who use the SAP software require a license and must be set up as dialogue users. SAP is entitled to require that the customer declares the number of external named users and produce a stipulated statement from each external named user concerning compliance with the restrictions applying to licensed use and confidentiality.

Indirect Use

Named users primarily use the SAP software. Users from upstream or interposed technical systems require licenses as named users if they exchange information with the software in dialogue or prompt mode, regardless of whether the software is accessed directly or indirectly. If redundant functions that are also available in the software are used in upstream or interposed systems that access the software, the users of these redundant functions also count as named users, even if the data is transferred to the software in background processing (that is, not dialogue related). Indirect access means that the user is communicating with a system upstream from the SAP software that transfers communication activities to the SAP software installation or otherwise accesses the SAP software or uses its functions. In particular, the following are examples of indirect use:

  • Users in an upstream system enter or make data available that is transferred to, or interacts with, the SAP software – for example, order entry in a mobile system, or users of a portal to the extent that they use functions of the software.
  • Users operate non-SAP software to access data that is read, modified, or stored using SAP software and for which they use SAP programs such as the BAPI® programming interface, remote function calls (RFC), or transaction calls.

Un-quote


in the same document repository under a different menu is “SAP System Measurement Guide – Version 7.0 Updated August 2015”, which does not contain the above definitions! Both versions of the guide were available on SAP’s website at the time of writing this article…


“Tip. Measurement Guide definitions are always changing. Do not accept Measurement Guide definitions as contractually binding. Always refer to your contract to understand your obligations”


 Examples of Potential Indirect Access Usage

  • Business customers using an eCommerce platform to place sales orders.
  • Sales representatives capturing sales orders via mobile device to input into SAP ERP.
  • A third-party CRM system accessing data in SAP ERP.
  • Partners and suppliers accessing SAP to check inventory and stock levels.
  • Partner or suppliers running and accessing reports on SAP system data via SAP BO.
  • Engineers entering plant maintenance data into SAP via mobile devices.
  • A third-party logistics provider using a handheld device in the warehouse and accessing SAP ERP to get data on materials or stock movements.
  • Using Salesforce to view customer master data that resides in SAP ERP.

To understand if any given interface or third-party system scenario constitutes Indirect Access you must first examine the nature of the usage, and how data is being exchanged to and from SAP. Primarily, the risk of indirect access resides in your contract, so your SAP contract will be the key in determining if that usage constitutes Indirect Access and if you could be liable to pay SAP additional licensing fees.


“Primarily, the risk of indirect access resides in your contract”


Click here to view JNC’s Indirect Access Review service, which includes both contract risk assessment and usage evaluation.

 About Indirect Access

Although many organisations are not aware of it, interfacing SAP data into third-party applications and how users use that data, must be considered carefully from an SAP licensing perspective. An application interface may only require one user ID to access SAP and retrieve the data, this is not adequate for SAP licensing purposes. Generally speaking, if 1,000 external users use this data indirectly in an online (dialogue or prompt) manner, then 1,000 named-user licenses would be required to cover this indirect access to SAP.

Why is Indirect Access such a hot topic right now?

There is a notable correlation between the global financial crisis and the emergence of Indirect Access. Firms spending power shrunk, and growth shrinkage resulted in less re-occurring annual licensing demand. With spending power and growth slowing down SAP have had to resort to other revenue streams and where Indirect Access had historically been low on SAP’s radar it became a focus. This has also been supported by two key trends. Firstly, the move to interfacing best-of-breed non-SAP applications to SAP, and the emergence of cloud technology and web based platforms extending the use of SAP out beyond the usual boundaries

According to a typical SAP contract, users who indirectly access SAP must have an SAP user license too. There are numerous contractual inclusions or exclusions that could give rise to indirect access risk or protect you from it, and yes, every customers contract is different and different clauses and wording can give rise to Indirect Access risk. Sophisticated organisations specifically define the correlation between indirect access usage and license types in their SAP contracts, either at the initial negotiation before purchase or during annual maintenance. For example, they might write something like, “All indirect access will be classified as user type ESS.” Typically, if a non-SAP system accesses SAP data, the user of that external data needs to be covered by an appropriate SAP license. If you don’t have a clause in your contract, you’d be wise to agree with SAP what constitutes Indirect Usage to avoid any nasty surprises.


“Every customers contract is different and different clauses and wording can give rise to Indirect Accedes risk”


Click here to view JNC’s Indirect Access Risk Assessment service to find out if your contract gives rise to indirect access risk.
Indirect Access FAQ’s

From our experience these are the 5 most asked question about Indirect Access:

1. Are users that access the system directly and indirectly, counted as two different users?

A named user should never be counted twice. Each named-user should have one single named-user license which should cover all their usage of the SAP system even if they have access to multiple systems. The license required for a user accessing SAP both directly and indirectly would depend on the transactions they have access to in either, with the highest level of activity in either system taking precedence when determining the license type required. So no, a user that accesses the system directly and indirectly should not be counted twice, or in licensing terms, should not be allocated two seperate named-user licenses.

2. My data passes through multiple connected systems. Would this be classed as Indirect Access?

It depends on how those systems are connected to the SAP system and whether data is being created, manipulated, or viewed in the SAP system via the connected systems. It also depends on the activity of the users using the system. If they are operating in a way, in terms of their system usage activity that matches any contractual definition of a named-user then they will require the corresponding named-user license to cover that usage.

3. Is there a certain license type applicable to a named-user who is given the required permissions to access the SAP system indirectly?

No, the normal rules behind the assignment of named-users apply. If it is a small community of users are performing business critical activity they may all need a professional license. A large community of users viewing reports may need an ESS (Employee Self-service License), or indeed some form of specially negotiated blanket coverage usage license which provides a degree of flexibility across large external user populations or where user numbers frequently fluctuate.

4. Is accessing SAP systems remotely via an intermediary interface compliant?

It is if the individual accessing the SAP software in this manner has a license that covers the activity they perform in the SAP system when accessing it. In principal, there is nothing wrong with using an interface to provide remote access to the SAP systems, where systems security would be a more important consideration.

5. What about when SAP creates Indirect Access instances themselves when performing a systems integration or deployment

SAP may well have been involved in or directly responsible for a third-party system and or performing the integration. Whilst contractually the usage can later be defined as indirect and therefor subject to indirect access licensing fees, any organisation would have a strong case in defending against having to pay these unexpected and un-illustrated fees at a later stage. If these costs had been explained at the time of purchase or implementation the customer may not have proceeded knowing the total licensing fees they would be faced with. JNC have successfully defended clients in this position on that basis.

6. Are Indirect Access claims from SAP negotiable?

Yes, they are! JNC offer a service called Indirect Access Defence, which supports customer facing a claim for Indirect Access from SAP.  We perform a detailed contract analysis and usage evaluation with a view to proving compliant usage. If there is a risk the usage in question could be non-compliant we help the customer by quantifying the risk, identifying target outcomes and developing a response and negotiation strategy.  Due to the complexities of the contract and differences in interpretations of usage SAP can sometimes get it wrong meaning their claim for Indiorect Access can either be proven to be excessive or completely unsubstanciable. So yes, its negotiable so give it a shot! If you need help, call JNC!

* always check your contract for the terms and rules that govern how you must license your use of the SAP software*


“SAP can sometimes get it wrong meaning their claim for Indirect Access can either be proven to be excessive or completely unsustainable”


Click here to view JNC’s Indirect Access Defence service

Addressing Indirect Access Risk

The following steps are JNC’s recommeneded approach for dealing with Indirect Access. With the potential risks involved, it is always recommended that you seek expert help.

Map the interface environment

The first step is to get a clear picture of the interface environment by mapping all SAP systems, and mapping interfaces both to, from, and between SAP systems. From a technical point of view, you need to map your RFC connections to the organization’s systems. A good starting point would be to map all of the connections in T-Code SM59 (RFC Destinations) and review all incoming RFC connections through T-Code ST03N (Workload and Performance Statistics). Architects, technical managers, systems owners, and integration experts can all collaborate to build this picture. The task to identify Indirect Usage becomes all the more difficult if you have multiple servers and applications spanning different geographies, operation verticals and service lines.

Define the nature of the usage

The nature of the usage needs to be defined by looking at data flows, data origination and the underlying interface technology. Look at the end user environment looking at who is using the connected systems, how they are using those systems, and if data is being created, viewed, or changed in the SAP systems as a result of the usage.

Carry out a contract review

A thorough and detailed contract review needs to be carried out to understand the terms and conditions that impact indirect access usage obligations. As mentioned earlier in the article there are clauses or a lack thereof that can give rise to Indirect Access or protect you from it. With an understanding of these terms and conditions, it is possible then to perform an enterprise wide assessment of all interfaces to determine if that usage gives rise to any Indirect Access liability as defined in the contract.

Perform an Indirect Access risk assessment

With a detailed understanding of indirect systems usage and contractual entitlement, an assessment of licensing risk can then be made on a system-by-system basis. Risk indicators (high, medium, and low for example) can be assigned to all third-party systems. High risk usage can be pro-actively addressed by seeking to procure entitlement from SAP, which will most certainly involve negotiation. It is highly beneficial to approach SAP to discuss your needs rather than be discovered by them, and to come prepared with a clearly defined position and target outcome. For all levels of risk, the risk should be quantified by looking at the potential cost of licensing that usage correctly.

Define Your Risk Response and/or Negotiation Strategy

The low or no risk usage can be dealt with by writing a business case demonstrating compliant usage referring both to the detailed technical and functional evaluation of the usage and the contract analysis. If SAP were to come knocking on your door regarding indirect access you will be prepared to present your business cases to SAP defending your indirect usage as compliant. Demonstrating to SAP that you are knowledgeable and prepared goes a long way to dispelling any further advances and contributes to Vendor Audit Readiness. Where high risk usage is identified, which is most likely non-compliant and the risk response is to present this to SAP to buy entitlement, the act of having the usage under question clearly defined will help your organisation perform better in the negotiations and most likely result in a better licensing deal. Leaving indirect access to be discovered and pursued by SAP could result in significant and unexpected licensing fees.

Managing Indirect Access Risk

How should organisations manage Indirect usage to avoid unexpected licensing fees?

Your Indirect Access management strategy has to start somewhere and your current position needs to be discovered first as illustrated above. You must first address and deal with the risk arriving at a position where you have the adequate entitlement to ensure current usage is compliant, which may or may not require the procurement of additional entitlement. From that point forward managing indirect usage involves monitoring and controlling the interface and third-party application environment ensuring that the enterprise systems and technology road-map is developed with a view to the impact on licensing and compliance. There are tools available or management techniques that can be implemented to help create alerts when new interfaces go-live, particularly useful in large, complex global scale organisations.

All key technical and systems stakeholders need to be able to review the deployment of new interfaces, understand licensing risk and understand how to properly license any new deployments. Some deployments may, according to current contractual definitions, be too costly to deploy compliantly. You can then revert to negotiating with SAP to come to a cost effective comprise that satisfies both parties, mitigating future compliance risk and facilitating technology development.

Indirect Access Conclusion

With the continued global uptake in SAP, the issue of Indirect Access has most certainly not peeked. As a result of some high-profile cases and an increase in awareness within the SAP eco-system, far more organisations are taking action to deal with Indirect Access risk. Some in response to a claim that has been presented by SAP and some with the foresight to address it pro-actively to identify any risk, quantify potential license fee exposure, take appropriate steps to mitigate the risk and minimise their potential exposure. The key to successfully dealing with Indirect Access risk is to get informed, put in place an Indirect Access action plan, and be prepared for a licensing audit.


“The key to successfully dealing with Indirect Access risk is to get informed, put in place an Indirect Access action plan, and be prepared for a licensing audit”


Click here to view JNC’s range of Indirect Access solutions

 

Share this

Subscribe to our latest news

Privacy Policy

Click Me