Indirect Access SAP® Usage – Self-diagnosis and Guide
Due to the recent activities of SAP®, the topic of indirect access use of SAP® software and the often-associated painful back payments are more relevant than ever. We provide tips on how to identify indirect use and ensure compliance.
What is Indirect Use?
SAP® defines the term “indirect use” as…
„… the execution of the process functions of the software, the loading, the execution, the access to, the use of the software or the display of data resulting from these functions. Use may be made via an interface provided with the Software or as part of the Software, via an interface of the Client or a third party, or through any other intermediary system“
[Source:SAP® List of Prices and Conditions SAP® Software and Support deDE.v.1-2017, Page 12.]
The use of SAP® software is generally licensed via so-called Packages and SAP® Named User. Depending on the licensing metric of the package, corresponding usage rights within the scope of the package usage as well as corresponding SAP® Named User usage rights must be acquired. Different types of named users are defined in the SAP® Price and Conditions List. The user type corresponding to a usage scenario is dependent on the type of end user access. Depending on the usage, third parties, e.g. business partners, customers and suppliers are subject to a Named User licensing requirement.
In the case of indirect access usage, usage does not occur by direct access to SAP® functionalities, via the SAP® standard user interface or by using the login data of the accessing end user, but via an interface or a non-SAP® application, such as RFCs (Remote Function Calls), BAPIs (Business Application Programming Interfaces) or SAP® WebServices.
Another variant of indirect access use is the exchange of data between non-SAP® applications and non-SAP® functionality with SAP® systems. Even if end users only use the functionality of the non-SAP® application, the non-SAP ® application accesses a SAP® system in the background in read or write mode. In this case, SAP® Named User Licenses are to be acquired, since SAP® data processing functions are used, which could be used for example to enable or secure technical or business data consistency in the company. This is especially true if the non-SAP® application is at least partially processed or preprocessed in SAP® or data is held in SAP® and there is an interface between these systems. Paid access usage for Named User Licenses is necessary in these Scenarios.
How can you proceed?
The following procedure is recommended to prevent license violations and consequently high demands from SAP®.
1. Identify indirect access use of SAP®
- Identify SAP® interfaces to SAP® add-ons or third-party applications (technical user accounts or "suspicious" dialog users, i.e. users with a high number of transactions and "always logged in" accounts)
- Analyze user-system interaction with SAP® add-ons or third-party applications. In particular, consider:
- Access triggers (users, devices)
- User access accounts for SAP®
- Direction of data flow (incoming, outgoing)
- Time of data transmission (synchronous, asynchronous)
- Format of exchanged data, etc.
2. Derive the necessary license requirements
- Select a suitable license type from the SAP® License Agreement (Agreements for Transfer and Maintenance of SAP Standard Software ("Software Contract")) (usually Annex 1 to the software contract)
- Consider the specific requirements when selecting:
- The license type covers the indirect use of SAP® according to the access rights for certain SAP® functionalities or the use or storage of data
- Use of the license type is not restricted or excluded by other terms in the SAP® license agreement
- The license type reflects the value of the transaction over the price per license
- Example: indirect read or write access of employees in production is more cost-effectively via an "SAP® Worker User License" than with an "SAP® Professional User License”
3. Identify ways to modify the interface / user permissions
- Check which interface or user permissions are required:
- Push vs. Pull (static reading)
- Read vs. Write
- Synchronous vs. Asynchronous
- Negotiate a solution with SAP® for indirect access, where risk minimization fails, e.g. if the license types included in the SAP® license agreement are not suitable for indirect use
- Select a license type from the standard SAP® license assortment or
- Define and come to an agreement with SAP® for a special license type or module (package) that is suitable for indirect use
Sustainability has priority
The effort to determine indirect access use is significant, especially when it comes to recording and analyzing the detailed information on the relevant applications and interfaces. There are sometimes hundreds of these in an organization. It is important to be as detailed as possible to classify each case correctly and to correctly assess the license requirements; but also, to be able to answer possible queries from SAP®. The clarification with SAP® is especially necessary if (see above) there are no suitable license types in the SAP® license agreement or in the price and conditions list.
Once you have recorded all cases of indirect access, the work is not finished. Because one thing is certain: requirements in organizations change and as a result, processes are adapted. This is accompanied by the further development, replacement or reintroduction of IT systems. Any change to IT systems that communicate with SAP® data must be documented and evaluated for indirect use.
Likewise, continuous monitoring of all changes to authorized users, i.e. new users, changes in the authorization of the users (read data vs. write data, etc.) as well as the deactivation or deletion of a user account. The completeness and accuracy of the data Managing
- Business processes,
- IT systems or more specifically the applications used,
- Users of the applications and their activities,
- Interfaces between the applications and SAP® and
- Data exchanged via interfaces
should be checked regularly. If deviations are detected, corrective measures must be taken. Coordination of these activities should be ensured through SAP® license Management.
We know that license management in SAP® is complex, time-consuming and often challenging. With our special solution "ConSalt License Optimizer @ SAP" and our technical expertise, we support you comprehensively: from the analysis of your SAP® landscape and identification of licensing errors to the development of a sustainable strategy for the management of your software assets. Contact us today for more Information.
About the Author
|Dr. Jan Hachenberger is Partner and Executive Board Member of ConSalt Unternehmensberatung GmbH. On behalf of the German Institute for Standardization (DIN) e.V., Hachenberger continues to expand the international standard for IT Asset Management as delegate and representative of Germany. The graduate in political science and business administration has set himself the goal of developing ConSalt Unternehmensberatung GmbH into the leading German consulting firm for IT and software asset Management.|