Should You Listen to Gartner on Indirect Access?

Executive Summary

  • Gartner writes on SAP indirect access, however, SAP also has enormous conflicts of interest in analyzing indirect access as it receives so much money from SAP.
  • The question is how is Gartner on the topic of SAP indirect access.


In a previous article titled Taking A Multi-Dimensional Approach to Indirect Access, I explained that information on indirect access comes from some sources. However, some of these sources have a significant pro-SAP bias and therefore publish inaccurate information on the topic of indirect access. One article that showed how biased this information can be is a critique of an article by ASUG which I critiqued in the article ASUG’s Biased and Misleading Coverage on Indirect Access.

Now in this article, we will review Gartner as a provider of information on indirect access.

Gartner’s Relationship and Conflict of Interest with SAP

Gartner has been a long-term recipient of large amounts of money from SAP. However, Gartner will not declare how much they get from any software vendor. All that can be traced is how much money they get in total from all vendors who are roughly $800 million, or one-third of their revenues. I have spoken on this topic with many who have worked for Gartner or vendors that pay Gartner, and the common estimate that I arrive at when you include all vendor advisory services, conferences, everything — that Gartner receives around $100 million from SAP every year. Furthermore, when Gartner writes articles on indirect access, they do not disclose the fact that they receive money from SAP. They are obligated to do this. As with everything that Gartner does, they do not follow the rules and do what they please. Their lack of rules following regarding research, for instance, is why they can’t be classified as a research entity and are closer to a combination of a fashion magazine, as is described in the article Gartner and the Devil Wears Prada.

Areas Covered in the Article

  1. The Conflicting Nature of the Topic: The problem is that the topic of indirect access pits SAP against its customers. Therefore, it is a difficult topic to offer a balanced perspective, especially considering that SAP’s application of indirect access has no real precedent in enterprise software, and in fact for the history of enterprise software, indirect access meant something entirely different from SAP’s current definition of indirect access. This topic is covered in the article Type 1 Versus Type 2 Indirect Access.
  2. Closeness to SAP: Gartner cannot provide customers with a way to fight indirect access that won’t get back to SAP. However, Gartner dramatically prizes its relationship with SAP and the yearly funding that it brings.

Evaluating Gartner’s Material on Indirect Access

Gartner has a conflict of interest, so let us check Gartner’s material on indirect access. The first is the article SAP Indirect Access License Fees Can Be Significant and Unexpected. Let us see how much truth Gartner is willing to tell when the subject is one of their biggest vendor sponsors.

“SAP has been inconsistent with its definition, interpretation and measurement of indirect use, resulting in ambiguity and confusion. In particular, the SAP System Measurement Guide and SAP Licensing Guide contain interpretations of indirect use inconsistent with many contracts. SAP’s more recent move to standardize General Terms and Conditions and Software Use Rights (SUR) provides globally consistent and all-encompassing indirect terms that could increase unwary SAP customers’ cost exposure when purchasing products on an order form.”

This is true, but Gartner has not explained why this is the case. SAP does this to keep indirect access as opaque as possible to use it as leverage against customers. It applies its interpretation of indirect access inconsistently because indirect access is a hammer used against customers that do not meet SAP’s targets for sales revenue.

Gartner has the following recommendations.

“Proactively seek the details of clauses relating to indirect use in SAP contracts, and defend your position based on your contract language, rather than the SAP System Measurement Guide criteria.”

  • Protect broader or vaguer definitions, and avoid signing away these rights if asked to move to Web-based usage rights when making new purchases.
  • Utilize Gartner’s principles of licensing fairness to counter SAP’s indirect use fee approach.

This appears to be good advice.

“Client calls indicate SAP has become more aggressive in its pursuit of indirect use fees. Although SAP indirect use has been an issue for SAP customers for many years (we started writing about this issue more than 10 years ago), Gartner has been receiving a large number of client calls related to significant and unexpected indirect use fees since December 2013.”

That is true. It is interesting to see Gartner’s view on this as they have an enormous client base, so they are in an excellent position to know how indirect access is trending.

“Indeed, in its 2010 licensing guide, SAP gives an example of indirect use requiring limited professional user licenses simply to access/view data within the SAP system SAP customers are often surprised by the timing and engagement process for fee discussions.”

And the timing of those fee discussions is critical.

“Most perplexing is where SAP recommended and performed integration work, and did not reveal large indirect use fees that could result from its work. Those customers are only now being told of this liability. SAP has noted that its services consultants are not license experts; they recommend the best possible solutions at the request of customers, and are not obliged to reveal license fee ramifications, however large. This, SAP suggests, is solely the customer’s responsibility.”

SAP Consultants Do Not Inform Customers of Indirect Access Liabilities While a Project to Connect to Another Non-SAP Application is Being Implemented?

Why are SAP’s service consultants not educated on license fee ramifications or not obligated to reveal license fee ramifications? Secondly, in the past, integrations to SAP did not lead to indirect access liabilities.

This would have to violate the standards of care of a contract for work. This is the definition of standard of care by Wikipedia:

“In certain industries and professions, the standard of care is determined by the standard that would be exercised by the reasonably prudent manufacturer of a product, or the reasonably prudent professional in that line of work.”

 Gartner does an excellent job of bringing this up. As it leads to all manner of other questions. For instance, in the Diageo case, SAP was aware the entire time that Diageo was integrating ECC to Salesforce. Did SAP warn Diageo of the indirect access liability during the integration? It is not only the consultants that are aware of the integration to a non-SAP application but the SAP account manager as well.

Gartner on Triggers for Indirect Access

Gartner laid out the following reasons for indirect access claims by SAP.

  • Audit Activity: In some cases, SAP customers who have had integrated applications for many years, and were never questioned for indirect license compliance when submitting prior LAW reports, are now being asked for indirect license fees.
  • Lack of New License Demand: SAP customers who have not made purchases in the past 12 months and who have no articulated future demand for license spending are being examined. Likewise, discussions surround applications or integrations that have been in existence for many years and for which fees had never been suggested.
  • Looking at Competitive Offerings: Customers submitting a competitive RFI or RFP documents in markets where SAP has a competitive offering, especially in areas like CRM and human capital management, are being reviewed. SAP sales have used indirect access language to suggest that if competitor’s offerings were selected, and then interfaced into SAP, license fees would be due from the competitor and SAP and that it would be more cost-effective to pay SAP, rather than paying twice for the same functionality. In some other cases, neither vendor mentioned the additional fees until after the third party was selected and contracts signed. SAP would then use sales or audit activity to approach the organization about incremental fees.
  • Signing the New SAP Order Form: Historically, SAP customers buying new software would add a new exhibit to the initially negotiated master contract. However, SAP customers now are being asked to sign order forms, rather than exhibits, and these order forms require compliance with the standard general terms and conditions (GTC) and SUR on SAP’s website. These contracts have reference to use rights and indirect use. SAP’s new online terms are contractually agreed for only products on each specific order form. Use rights appear in the GTC under Section License Grant Section 2.1.2 and in the SUR under Section 1 — Licensing Principles and Rules of Use and Designate Use in 1.1.1 (7). It states ‘”Use’ means to activate the processing capabilities of the software, load, execute, access, employ the software, or display information resulting from such capabilities … Use may occur by way of an interface delivered with or as a part of the software, a licensee or third party interface, or another intermediary system.” The latest SUR also adds a specific definition for a license for SAP NetWeaver Open Hub, which is required for data extraction from SAP BW, and which was not detailed in many prior contracts.

While Gartner does not state it, this is damning evidence against SAP.

Is SAP Applying Indirect Access Honestly?

If SAP were applying indirect access honestly, they would bring an indirect access claim against every client that was “in violation.” However, that is not what they do. They define indirect access so broadly that every customer is guilty, and then selectively enforce IA-based upon maximizing license revenues. The very act of submitting a competitive RFP to other vendors can trigger an indirect access claim. And in some cases “neither vendor mentioned the additional fees until after the third party was selected and contracts signed.” This allows SAP to either block the sale by bringing up the IA issue, or wait, and then bring the claim for AI after the purchase.

“SAP’s precise contractual language related to indirect use, and SAP interpretations of these terms, has varied over the years and by signed contract location. In many cases, it was not explicit what scenarios would generate indirect use fees, and what metrics should be used for indirect use fee pricing. In some contracts the word “‘indirect” was not even mentioned, rather simply a statement that use must be paid for.”

Yes, that is correct. Indirect access was changed in its definition by SAP. And the problem with the statement that “use” must be paid for is that SAP did not interpret any integrated non-SAP system as used.

“Use was usually when the processing capabilities of the software were activated, or to load, execute, access, employ, utilize or store the software, or display information resulting from such capabilities.”

As I said the definition was changed by SAP.

SAP has Strategically Opened its Software to New Data Sources?

“SAP has strategically opened its software to new data sources and software platforms, resulting in a potential licensing compliance challenge to its customer base. Historically, SAP encouraged customers to build out its partner network and heavily integrate SAP with other applications, especially in “white spaces” where SAP had no equivalent offering.”

I don’t think this rings true. SAP always proposed that integration was a problem and in all cases that the customer should use SAP applications. This was true even when SAP’s applications were not ready to be implemented. This has cost SAP customers enormously.

While it is true that SAP was not very concerned if it has no offering in a particular area, but even this oversimplifies SAP’s position.

SAP, when they did not have advanced planning applications (back in the 1990s and before APO) would undermine the need for the application, stating that everything could be done in their ERP system. And this goes back to the 1980s when SAP as well as other ERP vendors that their systems would not only replace every single legacy system the customer had, which is covered in the article How SAP Misused the Term Legacy,

How Gartner Supports SAP’s Indirect Access with Misleading Logic

“SAP customers typically require hundreds of interfaces on their SAP ERP systems when integrating them into their business application landscapes to create collaborative end-to-end business processes with customers, partners, suppliers and distributors. Indirect use complications arise when multiple systems are connected and information is transferred between them. But there are conflicting views on what is a fair and reasonable interpretation of indirect use across these complex interfaces. This has led indirect use to be an ambiguous gray area. To try and bring some clarity to the situation, Gartner has compiled a set of five principles of licensing fairness with respect to indirect use of SAP business applications. In our experience, SAP customers who have used these principles have achieved substantially improved outcomes in their negotiations.”

At this point, Gartner proposes that it can provide advice that can keep customers out of some of the trouble with indirect access.

Gartner Repeating SAP’s Inaccuracies to Clients

“Customer Owns the Data: The customer is the owner of all customer business data, including historical business data; this is shared across the customer’s business application portfolio. Simply accessing this data, or exposing it through a portal, should not attract license fees. SAP, however, owns the software intellectual property — that is, SAP is the owner of all intellectual property relating to its software products, including data models, data structures, configuration data and metadata for its business applications.”

Unfortunately, this has changed since this article was written. SAP imposes indirect access rules for data stored in the HANA database. This is covered in the article The HANA Police and Indirect Access Charges. Secondly, SAP in its SAPPHIRE 2017 announcement proposed that customers only own a “static read” of the data, which is covered in the article. How to Best Understand SAP’s Faux Indirect Access Announcement. Static read access turns out to be so restrictive that literally, the only way to perform a static read is to make a copy of the data and archive it without ever accessing it again.

SAP’s Constantly Modification of the Rules of Indirect Access

This is not to say that what Gartner provided was inaccurate, but instead points to the fact that SAP is continually modifying the rules of indirect access to be more restrictive.

“Infrequent (Daily, Hourly) Batch Data Transfers Should Not Be Charged: Interfaces implementing batch data transfers (data in, data out) between all business applications, including SAP and non-SAP systems, in general does not constitute indirect use of SAP software, and should not be charged. When a customer’s business data is retrieved from an SAP system, the SAP intellectual property is not accessed and, therefore, the expectation is that there should be no licensing impact. SAP is, however, demanding an additional licensing cost for its customers to extract their own data (emphasis added). It references its vague indirect use definition. It is our opinion that this is not fair practice because customers have SAP user licenses when they originally created the data. Such data is owned by the customer, not SAP; hence, the customer should have the right to access its own data via non-SAP processes for its own use. SAP has tried to charge some customers a specific Business Warehouse (BW) Open Hub license for data extraction specifically from BW.(emphasis added) However, we believe this simple data extraction should not be subject to charges. “Frequent” batch data transfers (e.g., same data transferred every minute, or faster), however, may effectively be defined as near real time in nature.”

It is unclear why Gartner draws this particular distinction. If we look at all other vendors, they only charge for users of their application through the user interface. Data is sent between applications all the time, and every application is connected to other applications. It is difficult to see why in the case of SAP, that some rules have to be put into place when customers want to integrate to SAP.

Real Time Synchronous and Bidirectional Use Charges

“Real-Time, Synchronous and Bidirectional Use of SAP Software Can Be Charged: Interfaces implementing real-time data transfers to support interactive bidirectional user access between all business applications, including SAP and non-SAP systems, potentially does constitute indirect use. Fees should be paid, although possibly at lower rates than the standard named user fees. In general, SAP Remote Function Call (RFC), Java Connector and Gateway technologies are more likely to be used for real-time, synchronous type of interactive interfaces. SAP IntermediateDocument (IDoc), Enterprise Services or PI messaging technologies tend to be used more for data transfer-type interfaces.”

Once again, this seems to be drawing distinctions that no other vendor would draw. If you perform a real-time, synchronous and bi-directional data integration to any other vendor, there will be no indirect access issue. This seems to normalize hat SAP is doing.

If we evaluate these terms (real-time, synchronous and bi-directional), this describes standard application integration. Why does the fact that data is sent in batch versus real-time change whether SAP’s version of indirect access, called Type 2 indirect access is valid?

Indirect Users Identified

“Indirect Users Should Be Identifiable Users, Not Devices: Gain an understanding of how SAP identifies your licensing and product scenario, and argue that only identifiable people are paid for as indirect users. The term “Named User” suggests an identifiable person, given the digitalization trend and the introduction of many more smart devices (see “Digital Business Requires a Change in Software Licensing Models or Higher Costs Will Prevail”) This would set a potentially very costly precedent to accept smart devices as named users, direct or indirect.”

This seems to make sense on the one hand, but unfortunately, it appears to support SAP’s interpretation of indirect access without probing any deeper.

“Multiplexing Front-End Applications Built for the Express Purpose of License Fee: Avoidance Should Not Be Acceptable to Either Party, and Does Constitute Indirect Use: It should be acknowledged that a small number of companies have deliberately developed their own sophisticated software applications to intensively extract data from SAP business applications, and then used them to support large numbers of interactive users with their user interfaces. This would constitute SAP license avoidance, and compliance-related fees should be paid in this scenario. Gartner believes that the majority of SAP’s clients do not set out to do this, and are greatly surprised by the indirect use issue when it arises in license audits.”

True. This is the definition of Type 1 indirect access. However, it is uncommon. And it is not related to the type of indirect access which is enforced by SAP, which is Type 2 indirect access.

“To be prepared for indirect use conversations, we recommend working with SAP solution or enterprise architects to ascertain exactly which interfaces you have into SAP systems, as well as future planned interfaces, and categorizing them where possible according to the Gartner fairness principles. Because many customers will have tens, if not hundreds, of integrated applications, it can be a daunting task. There are third-party tools that will assist customers in defining to various levels what kind of indirect use they may have (see Note 7 and Note 8).”

I am not sure this is a good idea. Although it depends upon what Gartner means. If this means contacting SAP resources that SAP this is probably not a good idea as it communicates to SAP what you are thinking and that you are thinking of protecting yourself. Finding independent sources makes sense. But those must be genuinely independent sources.

“The indirect use fees initially proposed by SAP may suggest that all interfaces be licenses with higher-priced user categories, such as Professional User. One should negotiate on category or package type, should the value derived from the indirect use be lower than the usually high price points associated with these user or package categories.”

This continues to assume that type 2 indirect access is valid. This seems to imply that indirect access can be covered by a user license. However, in the Diageo case, the UK judge noted that she could not find any user license that applied.

Lower-cost named user fees that SAP has adopted should be considered examples of these named user types: Retail User, Worker User, Industry Portfolio User. Older agreements may have Limited Professional, Shop Floor User or Customized User categories that could be used.

In total, there are approximately 50 different named user definitions that have been sliced and priced into smaller functionality use rights definitions. Gartner is not claiming that value has been extracted from this great slicing of definitions, but it offers a representative expectation that SAP would negotiate varying degrees of indirect use licenses based on individual value propositions.

Same issue as the previous comment.

Gartner’s Article: Customers Must Resolve SAP Indirect Access Risk When Investing in SAP Functionality

This next analysis is based upon the article of the name above.

“SAP does not make indirect access transparent during the sales cycle or use a consistent approach to resolve it. Therefore, sourcing and vendor management leaders face unpredictable financial exposure if they do not explicitly negotiate to contain SAP indirect access license costs.”

SAP shows a lot of delicacy in its description here. SAP lies to customers about indirect access during the sales process and then uses indirect access inconsistently depending upon how it maximizes its sales revenues from an account.

False Statement on Growing Indirect Access Exposure

“Indirect access exposure is likely to increase and become more difficult to resolve due to the rapid growth of IoT offerings, partner ecosystems, digital business platforms and analytics solutions, which all contribute to increased system connectivity.”

It’s unclear if this is attempting to be deliberately inaccurate. But it is false. SAP systems already are connected to many systems at customers. The liability is already there.

“When possible, preserve older Use definitions that do not reference third-party systems.”

This is good advice. SAP seeks to have Type 2 indirect access made legitimate and to change history by having customers look at new interpretations that were never part of the original contracts that the customer signed. Preferring to steer them to new documents that the customer never signed.

“Proactively engage enterprise architects and internal SAP experts to identify, document and place a value on existing third-party interfaces now, before SAP raises it during an annual audit.”

Notice the term “internal.” Gartner is saying don’t use SAP resources as they will function as spies. But because SAP is a customer for Gartner, they have to write in code.

“Use SAP’s desire to sell new licenses for strategic products as the incentive to resolve indirect access cost uncertainty. This is especially critical for SAP’s IoT and Cloud Platforms, which may exponentially increase financial exposure via large-scale device and application connectivity.”

This was addressed previously. It is not true. SAP applications are already connected to many non-SAP applications at customers.

“Although other software and SaaS providers incorporate indirect access language in contracts, our interactions with megavendor customers suggest that it is much more likely to arise with SAP than with other vendors, and that SAP activity in this area is growing (see Table 1).”

Confusing Type 1 with Type 2 Indirect Access

It is difficult to determine if this is deliberately misleading or if the authors do not understand the distinction between Type 1 and Type 2 indirect access. The indirect access clauses in the clauses of other vendors are for Type 1 indirect access — or legitimate indirect access. SAP’s enforcement is primarily to do with Type 2 indirect access. SAP is the only software vendor that I have seen enforced Type 2 indirect access.

Gartner includes a table that has the following numbers:

  • SAP 29%
  • Microsoft 5%
  • Oracle 2%
  • Salesforce 3%

However, because Gartner does not differentiate between Type 1 and Type 2 indirect access, it is not possible to say what types are covered in this table. Most likely the other vendors are enforcing Type 1.

“It is SAP’s reference to Use occurring by way of a “third-party interface or other intermediary system” that is the basis for the indirect access concept. Because several years have elapsed since SAP standardized its contractual terms and conditions, we believe most SAP customers have agreed to  the indirect access concept, sometimes without fully understanding the implications when signing Order Forms containing the current Use definition within the hyperlinked SUR document.”

Right, but did the customers agree to the traditional definition of indirect access (Type 1) or SAP’s broadened definition (Type2)?

Gartner estimates that a small but material percentage of SAP customers (we estimate fewer than 20%) either hold legacy terms where SAP defined Use inconsistently, or have successfully incorporated indirect access language during past negotiations. Examples include customers with contracts dating back to the early 2000s, which may have less prescriptive Use definitions, thus improving customer negotiating positions, and customers who were able to modify Use language during prior negotiations. Vigilantly protect older, less all-encompassing definitions of indirect access (particularly those with Use definitions that do not explicitly reference “third-party interfaces or other intermediary systems”) by negotiating the extension of those less onerous terms and rejecting the newer SUR definitions incorporated in all future purchases.”

So keep the old definitions as much as possible.

Jamming Bad Applications into Customers Using Indirect Access

“We believe SAP provides strong incentives for its salespeople to pitch new-generation technologies such as the Hana database, S/4HANA, cloud line-of-business solutions, BusinessObjects analytics solutions, and its IoT and cloud platforms. The significant pressure on the SAP sales force to sell these solutions strengthens customers’ ability to negotiate a low or no-cost resolution to the indirect access issue by making the new investment contingent on resolving indirect access risk.”

Translation: SAP has a lot of products that they are hot to sell, but which don’t make much sense to buy. So if you can buy one of these at a reduced rate, then SAP can go back and tell Wall Steet that they sold the item, and the client can then keep the application as shelfware.

Hiding Information from SAP

“Proceed carefully. When audited by SAP (or any vendor), share the minimum amount of information required to comply with the audit terms in your contract, as SAP will use information provided regarding third-party interfaces to justify indirect access compliance fees.”

True. SAP is a dishonest organization, and it makes little sense, to be honest with them. The less they know about you, the better, which is why it can also make sense to get SAP out of supporting your applications and into non-SAP support.

“Make it clear at the outset that the potential deal will not occur without a permanent resolution to the indirect access issue.

This seems like sound advice, but why would SAP agree to it?  For example, purchasing a single-metric product such as the SAP Sales and Service Order Processing package or SAP Purchase Order Processing package, with pricing based on order volume, enables the customer to cover a large population interacting with the SAP software, but without named user license administration, which would be onerous. If this 8 approach is attempted, then the contract must clearly state that named user licensing is not required, and that this is intended as a proxy for indirect access by a certain user population, rather than as a license for just that functionality.”

This assumes that Type 2 indirect access is valid.


Due to the zero-sum game nature of indirect access, it is critical that Gartner reveals their funding from SAP.

However they don’t do this, and they don’t do it because they know what it would do their credibility. Gartner’s publishing comes down to getting customers to contact Gartner so that they can gain advisement business from it. This is not in itself a problem, but it is a problem in that Gartner has a conflict of interest, and it cannot advocate for an SAP customer on indirect access as it has already sold out to SAP.

Once we move to the material created by Gartner on indirect access, several things become apparent from a detailed review.

  • Gartner has very good access to what is happening in the marketplace concerning indirect access.
  • Gartner has accurately described the increase in indirect access.
  • Gartner normalizes SAP’s approach to indirect access by not point out that other vendors do not seek to enforce Type 2 indirect access and by accepting SAP’s proposal that certain user licenses should be an accepted way to compensate SAP for Type 2 indirect access. Gartner fails to point out that under this concept, SAP would owe indirect access fees to the client, as the data was originally loaded into SAP’s systems from the client’s legacy systems. Gartner seems unwilling to point out obvious inconsistencies in SAP’s logic with regards to indirect access.

SAP Licensing Contact Form

  • Have Questions About SAP Indirect Access and Licensing?

    Our independent experts get no compensation from SAP, so we can deliver you honest answers about indirect access and licensing.

    This article is free, we do not answer questions for free. Filling out this form is for those that have a budget. If that describes you, just fill out the form below and we'll be in touch asap.


Roberto Sacco, Alexa Bona, Derek Prior, Lori Samolsky, SAP Indirect Access License Fees Can Be Significant and Unexpected,  31 July 2014

Bill Ryan, Roberto Sacco, Derek Prior, Lori Samolsky, Customers Must Resolve SAP Indirect Access Risk When Investing in SAP Functionality, April 5, 2017

Enterprise Software Risk Book

Software RiskRethinking Enterprise Software Risk: Controlling the Main Risk Factors on IT Projects

Rethinking Enterprise Software Risk: Controlling the Main Risk Factors on IT Projects

Better Managing Software Risk

The software implementation is risky business and success is not a certainty. But you can reduce risk with the strategies in this book. Undertaking software selection and implementation without approximating the project’s risk is a poor way to make decisions about either projects or software. But that’s the way many companies do business, even though 50 percent of IT implementations are deemed failures.

Finding What Works and What Doesn’t

In this book, you will review the strategies commonly used by most companies for mitigating software project risk–and learn why these plans don’t work–and then acquire practical and realistic strategies that will help you to maximize success on your software implementation.


Chapter 1: Introduction
Chapter 2: Enterprise Software Risk Management
Chapter 3: The Basics of Enterprise Software Risk Management
Chapter 4: Understanding the Enterprise Software Market
Chapter 5: Software Sell-ability versus Implementability
Chapter 6: Selecting the Right IT Consultant
Chapter 7: How to Use the Reports of Analysts Like Gartner
Chapter 8: How to Interpret Vendor-Provided Information to Reduce Project Risk
Chapter 9: Evaluating Implementation Preparedness
Chapter 10: Using TCO for Decision Making
Chapter 11: The Software Decisions’ Risk Component Model