Indirect Access is a hot topic these days in the SAP licensing world. Our customers come to us regularly with the same six basic questions, and we figured you must have them too. So we decided to set the record straight when it comes to licensing of indirect access in SAP systems.
These answers about direct and indirect access will enable you to optimize your SAP licensing and be more prepared for your next licensing audit.
1. Is it legal to access SAP software remotely though an intermediary interface?
Basically it’s not a problem, but the correlation between the user’s indirect access and their exact license type can be vague.
Sophisticated organizations specifically define this correlation in their SAP contracts, either at the initial negotiation before purchase or during annual maintenance. For example, they might write something like, “All indirect access will be classified as user type ESS.”
If you’re wondering what the deal is with indirect access at your organization, the best advice we can give you is “read your contract.” Your legal department might have already been doing the work for you and defined indirect access well enough so you can know the implication it has on your SAP licensing structure. In other cases, there may be a clause saying that this sort of access is subject to the same license requirements and costs as direct access or a clause about how to define indirect access in terms of SAP licenses. If there isn’t such a clause, you need to define exactly what indirect access is with SAP in your next negotiation to avoid any surprises.
2. If a user has authorizations to access SAP indirectly, should I classify him to a certain license type?
No, not necessarily. If he has authorizations, but he doesn’t use them, you might just want to eliminate his user account to save costs.
SAP license types are defined according to usage, not by what authorizations a user has. Know what your users are doing – you’ll be in a much better negotiating position. It’s easy to get this kind of information with ProfileTailor LicenseAuditor.
3. My data goes through many connected systems. Does this count as indirect access?
It might be so. As we said above, often customers are not clear about what is really considered indirect access. If you’re not careful, SAP can base their audit on this type of access or ask for additional fees. Again, best to negotiate these terms upfront so you’ll have no surprises.
4. Is indirect access negotiable with SAP?
Yes. Do it.
5. Where do I start when I want to identify and handle indirect access in my organization?
Indirect access occurs when a user or an application takes data from SAP and uses it outside of SAP. Take Salesforce, for example: A user opens a customer’s account screen in Salesforce, which shows sales data of that customer from SAP ERP. That’s indirect access at a glance.
Indirect access happens when data is fetched from SAP remotely, which is technically done using SAP’s remote protocol RFC (Remote Function Calls).
From a technical point of view, you need to map your RFC connections to the organization’s systems. A good starting point would be to map all of the connections in T-Code SM59 (RFC Destinations) and review all incoming RFC connections through T-Code ST03N (Workload and Performance Statistics).
6. Are users that access the system directly and indirectly, counted as two different users?
SAP licensing is based on employees. Meaning, a single licensed employee can have a couple of different user accounts in different systems. A license of the right type may cover the different user’s activities under this employee, including direct and indirect access together. For instance, if an employee uses SAP ERP to produce purchase orders and he’s classified as license type “Professional,” if he also accesses data in SAP CRM indirectly, he will probably be covered by the Professional license type.
Conclusion
Although indirect access has been around for a long time, it has become more significant recently. While preparing for the annual SAP licensing inspection, organizations can’t ignore this issue anymore and they must deal with it and with its consequences on their license structure and costs.
When talking about indirect access, knowledge is power. The more you know, and the more is contractually defined, the more you will be in control of this issue.