Xpandion Blog

  • Home
    Blog Home This is where you can find all the blog posts throughout the site.
  • Tags
    Tags Displays a list of tags that have been used in the blog.

3 Expert Recommendations for Controlling Indirect Use in SAP Licensing

  • Font size: Larger Smaller
  • Hits: 15041
  • Print

Xpandion’s CEO, Moshe Panzer, a recognized professional advisor for SAP Licensing, has some excellent advice about a topic that’s been disturbing a lot of SAP customers recently – indirect access. I hope you’ll find this information beneficial for your organization.



Question: What is indirect access in terms of SAP licensing and why are we hearing so much about it recently?

Moshe: “Indirect access” is a term for SAP data use by an end user or by an application, which is not via SAPGUI. Here’s the exact definition from the SAP SYSTEM MEASUREMENT GUIDE:

13.8 Indirect Use
Named users are also upstream and intermediary technical systems that exchange information with the SAP software system, as well as the users of those systems, if the users exchange information with the SAP software in dialog or prompt mode. It makes no difference whether the software is accessed directly or indirectly.

In most cases, the technical appearance of indirect access is entry by an RFC (Remote Function Call) module. A common example would be using a handheld device in the warehouse and accessing SAP ERP to get data on materials. Another example would be using SalesForce to update customer cards (in Salesforce: Accounts) while in the card itself the annual sales data of the customer is fetched from the account in SAP ERP. These cases are examples of indirect access, in which the user is using data from SAP indirectly.


Indirect access by handheld device: Each user should have its own username to access SAP data

According to the SAP contract, users who indirectly access SAP must have an SAP user license too. Although many companies do not notice it, bringing SAP data into another application and using it by this application’s users must be considered carefully from an SAP licensing point of view. While technically a software interface can require only one user account to access SAP and fetch the data, this is not sufficient for SAP licensing. In most cases, if 3,000 employees use this data indirectly online, then an additional 3,000 SAP licenses should be in place to cover this indirect access to SAP.

And why are we hearing so much talk about this topic recently? Because even though it is covered in most SAP contracts, in 2013 SAP started paying special attention to indirect access, specifically looking for it in their annual licensing inspections.


Question: In the case of indirect access, how can one be sure that they’re not under-licensed?

Moshe: The answer is divided into two parts. The first part is to verify that the current situation is OK, and the second part is to ensure that the company remains in good compliance with its SAP licensing.

The way to do this is to carefully inspect current RFC accesses. Map each application and purpose. For each RFC access create a table:

RFC User Business Owner (Employee in Charge) Purpose Used By Application/User Indirectly Used By #Users
LegacySampleUser John Indern Access accounts data Financial Department 5


How do you monitor current RFC connections? By using the data from SAP T-Code ST03N (Workload and Performance Statistics) or better yet, by using automated user behavior analysis tools like ProfileTailor LicenseAuditor.

Now, when the table is in place and you’re monitoring all current indirect access, apply an alert for when any new RFC use occurs within the organization. Each new RFC usage should then be carefully inspected and mapped or eliminated. We recommend using an automated alerting tool for new RFC access, again, offered in the ProfileTailor Dynamics suite.


A good automated alerting tool like ProfileTailor Dynamics will enable you to inspect each new RFC use as it occurs


Question: What is the future of indirect access? Do you think this will still be a hot topic 3 years from now?

Moshe: Based on our experience now, we can get a good idea about how it will be looking then. Primarily, companies will be extra aware of indirect access so the current situation will disappear and more companies will be organized around it. However, as many applications move to the cloud and require base data from the SAP system, it will be necessary to access SAP indirectly and therefore the budgets to cover this will need to be increased. Eventually, companies will discover that they are paying for the same data over and over and will re-think the whole thing.

The main point now is to get informed and be prepared for a licensing audit. Know who is currently accessing SAP indirectly, and be alerted when new indirect access begins. Once you are armed with this information, you can make smarter decisions regarding your SAP licensing.

ProfileTailor LicenseAuditor gives you full control over indirect access. This is what this means:

Prior to a Licensing Audit, ProfileTailor LicenseAuditor can find users who access SAP indirectly, and it can find users who alternate between indirect and regular access.

On on-going basis, ProfileTailor alerts about new applications that access SAP indirectly so you can know what needs immediate attention to avoid additional expenses and legal obligations.


  • Guest
    Kiran 22/09/2015

    Very good info on what i am looking from a long time, but i have a quick clarification. If customer buy licenses for ESS/MSS users or if they buy EP licenses, do they need to pay extra license fee for SAP RFC usage to SAP, or will these licenses can utilized to extract info from SAP also?

  • Guest
    Moshe Panzer 22/09/2015

    Hello Kiran,
    In most SAP contracts you will discover that ESS/MSS/EP licenses are defined exactly for the purpose that they were purchased for (i.e. EP should be used for EP users and not for warehouse users who access SAP remotely). But my advice to you is always to check your specific contract with SAP - you may find some surprises there regarding your license types....
    Write me a personal email if you need an advice specifically to your case or contact us through the contact form.
    Best regards,

  • Guest
    Chris 30/09/2015

    In what SAP documentation will I find that "SAP Fiori is included with our underlying SAP software license?"

  • Guest
    Moshe Panzer 30/09/2015

    Hello Chris,
    See here SAP's page: http://go.sap.com/product/technology-platform/fiori.html
    The exact quote is "SAP Fiori is included with your underlying SAP software license." under "Download SAP Fiori". But be aware that it doesn't say that there will be no additional fees if used as indirect access.
    Send me an email if you need a tailored advice for your organization.

Leave your comment

Guest 21/07/2017


in XpandionPosted by Yoav Michaeli

Optimize Licensing Costs. Increase Security

These are amongst some of the most worrying words that enterprises and managers can hear.  And, yet, they are a part of day to day terminology- whether whispered behind  soundproof board room doors, discussed openly by upper management or colleagues addressing them casually over the wate...
in XpandionPosted by Yoav Michaeli

Pay (Only) As You Use

Pay (only) as you use – innovative approach? Indeed (although we have already recommended a similar approach in SAP licensing by concurrent users, suggesting that companies pay only for the licenses they really need). I am a big believer in SAP® and also in methods that enable enterprises to be...
in Security & AuthorizationsPosted by Dror Aviv

When SAP® users get sleepy

“Dormant” SAP usersSome licensing-optimization tools for SAP, including ProfileTailor LicenseAuditor claim that they can identify “dormant user accounts”. Some customers don’t understand what this means and say – we identify dormant user accounts by ourselves – just look at table ‘USR02’ and see the...
in Security & AuthorizationsPosted by Yoav Michaeli

How to Become a Successful Security/Authorization Manager

The more Security and SAP Licensing Managers that Xpandion works with, the more confirmation we receive that there is a distinct difference in the actions taken by successful managers vs.  unsuccessful managers.  Using ProfileTailor Dynamics/ LicenseAuditor these successful managers implem...
in Licensing & SAMPosted by Debra Greenstein

6 Must-Know Facts about Indirect Access and SAP Licensing

Indirect Access is a hot topic these days in the SAP licensing world. Our customers come to us regularly with the same six basic questions, and we figured you must have them too. So we decided to set the record straight when it comes to licensing of indirect access in SAP systems.



157 Yigal Alon Street,

Tel Aviv 67443, Israel


US Office


3310 W Braker Lane Suite 300-253

Austin, TX 78758, USA


India Office


C 103, Akruti Orchid Park, Andheri-Kurla Road,

Andheri East, Mumbai, India