Last Updated on March 25, 2021 by Shaun Snapp
- JNC consulting wrote an article on indirect access license fees.
- We cover the accuracy of this article.
JNC Consulting has written some of the most popular articles on SAP indirect access.
In this article, we will evaluate their top article on this topic.
Our References for This Article
If you want to see our references for this article and other related Brightwork articles, see this link.
Lack of Financial Bias Notice: The vast majority of content available on the Internet about SAP is marketing fiddle-faddle published by SAP, SAP partners, or media entities paid by SAP to run their marketing on the media website. Each one of these entities tries to hide its financial bias from readers. The article below is very different.
- First, it is published by a research entity.
- Second, no one paid for this article to be written, and it is not pretending to inform you while being rigged to sell you software or consulting services. Unlike nearly every other article you will find from Google on this topic, it has had no input from any company's marketing or sales department.
Quotes from the ASUG Article
“SAP Indirect Access License Fees Can Be Significant and Unexpected.
Interfacing third-party applications to your SAP system could cost you dearly, due to what SAP refer to as Indirect Access usage. Indirect Access has been around for a long time, although in recent years it has emerged as a hot topic in the SAP licensing world. With claims for unlicensed Indirect Access usage by SAP reaching into the millions, even tens of millions, organizations can no longer afford to ignore the issue. This article addresses the key factors affecting Indirect Access licensing providing guidance on the best way to avoid significant and unexpected licensing fees.“
All of this is very true.
“Named users primarily use the SAP software. Users from upstream or interposed technical systems require licenses as named users if they exchange information with the software in dialog or prompt mode, regardless of whether the software is accessed directly or indirectly. If redundant functions that are also available in the software are used in upstream or interposed systems that access the software, the users of these redundant functions also count as named users, even if the data is transferred to the software in background processing (that is, not dialog related). Indirect access means that the user is communicating with a system upstream from the SAP software that transfers communication activities to the SAP software installation or otherwise accesses the SAP software or uses its functions. In particular, the following are examples of indirect use:
“Users in an upstream system enter or make data available that is transferred to, or interacts with, the SAP software – for example, order entry in a mobile system, or users of a portal to the extent that they use functions of the software.
Users operate non-SAP software to access data that is read, modified, or stored using SAP software and for which they use SAP programs such as the BAPI® programming interface, remote function calls (RFC), or transaction calls.”
Examples of Potential Indirect Access Usage
“Business customers using an eCommerce platform to place sales orders
Sales representatives capturing sales orders via mobile device to input into SAP ERP
A third-party CRM system accessing data in SAP ERP
Partners and suppliers accessing SAP to check inventory and stock levels
Partner or suppliers running and accessing reports on SAP system data via SAP BO
Engineers entering plant maintenance data into SAP via mobile devices
A third-party logistics provider using a handheld device in the warehouse and accessing SAP ERP to get data on materials or stock movements.
Using Salesforce to view customer master data that resides in SAP ERP”
To understand if any given interface or third-party system scenario constitutes Indirect Access you must first examine the nature of the usage, and how data is being exchanged to and from SAP. Primarily, the risk of indirect access resides in your contract, so your SAP contract will be the key in determining if that usage constitutes Indirect Access and if you could be liable to pay SAP additional licensing fees.
This is all accurate in that it reflects SAP’s view on indirect access, but it does not question whether SAP’s definition of indirect access is correct. Therefore, it does not get into the topic of what I call Type 1 Versus Type 2 indirect access. It also does not get into why SAP’s definition of indirect access is so different from every other software vendor on the planet. These are important things to bring up.”
Why is Indirect Access Such a Hot Topic Right Now?
“There is a notable correlation between the global financial crisis and the emergence of Indirect Access. Firms spending power shrunk, and growth shrinkage resulted in less re-occurring annual licensing demand. With spending power and growth slowing down SAP have had to resort to other revenue streams and where Indirect Access had historically been low on SAP’s radar it became a focus. This has also been supported by two key trends. Firstly, the move to interfacing best-of-breed non-SAP applications to SAP, and the emergence of cloud technology and web based platforms extending the use of SAP out beyond the usual boundaries.”
Now, this is inaccurate.
The global financial crisis was ten years ago, and indirect access did not start being applied in any meaningful way until around 2013. Therefore it isn’t easy to see where JNC Consulting sees this connection. SAP is having slowed growth in ECC, which is related to several factors. Several SAP’s non-ERP applications have had serious implementation issues on projects, a topic which I cover in How SAP is Now Strip Mining its Customers. SAP consulting companies recommending SAP applications no matter what they fit with business requirements. SAP sold many applications that should have never been sold. And finally, SAP has been telling Wall Street a growth story that is not really capable of happening. I covered this topic in How SAP Mislead Analysts in Their Q1 2017 Call. So SAP has created their long-term revenue problem, and it is a bit compliant with JNC Consulting to try to pin this on the overall economy. It also brings up questions of JNC’s objectivity, as it seems like a made-up story by JNC to shield SAP from their own dysfunctional decision-making.
Secondly, SAP’s cloud offerings are not particularly competitive. So they are getting beaten out in that area. But those boundaries have not “been pushed out.” SAP is losing in essential markets. It takes a propagandist who can’t write what is happening to develop what JNC Consulting is proposing. But then again, JNC Consulting is not a research entity, they are a consulting company, and they have no organizational dedication to communicating truthful information. They exist to maximize profits.
“According to a typical SAP contract, users who indirectly access SAP must have an SAP user license too. There are numerous contractual inclusions or exclusions that could give rise to indirect access risk or protect you from it, and yes, every customers contract is different and different clauses and wording can give rise to Indirect Access risk. Sophisticated organizations specifically define the correlation between indirect access usage and license types in their SAP contracts, either at the initial negotiation before purchase or during annual maintenance. For example, they might write something like, “All indirect access will be classified as user type ESS.” Typically, if a non-SAP system accesses SAP data, the user of that external data needs to be covered by an appropriate SAP license. If you don’t have a clause in your contract, you’d be wise to agree with SAP what constitutes Indirect Usage to avoid any nasty surprises.
Every customers contract is different and different clauses and wording can give rise to Indirect Acccess risk”
And why is that? Why Isn’t JNC Consulting asking why SAP does not offer a standard indirect access set of rules to customers? Also, why is SAP taking a secretive approach to how it enforces indirect access?
Indirect Access FAQ’s
“From our experience these are the 5 most asked question about Indirect Access:”
2. My data passes through multiple connected systems. Would this be classed as Indirect Access?
“It depends on how those systems are connected to the SAP system and whether data is being created, manipulated, or viewed in the SAP system via the connected systems. It also depends on the activity of the users using the system. If they are operating in a way, in terms of their system usage activity that matches any contractual definition of a named-user then they will require the corresponding named-user license to cover that usage.”
Why JNC is drawing a distinction here is unclear. Any non-SAP application being connected to any SAP application is considered indirect access.
3. Is there a particular license type applicable to a named-user given the required permissions to access the SAP system indirectly?
“No, the normal rules behind the assignment of named-users apply. If it is small community of users are performing business critical activity they may all need a professional license. A large community of users viewing reports may need an ESS (Employee Self-service License), or indeed some form of specially negotiated blanket coverage usage license which provides a degree of flexibility across large external user populations or where user numbers frequently fluctuate.”
5. What about when SAP creates Indirect Access instances themselves when performing a systems integration or deployment
“SAP may well have been involved in or directly responsible for a third-party system and or performing the integration. Whilst contractually the usage can later be defined as indirect and therefor subject to indirect access licensing fees, any organisation would have a strong case in defending against having to pay these unexpected and un-illustrated fees at a later stage. If these costs had been explained at the time of purchase or implementation the customer may not have proceeded knowing the total licensing fees they would be faced with. JNC have successfully defended clients in this position on that basis.”
Right, JNC to the rescue. But it brings up an unanswered question: how legitimate can SAP’s claim was when they knew the other system was being connected to SAP the entire time and never alerted their customer? SAP has proposed that their consultants are not aware of indirect access rules, which is clearly misleading, as the SAP account manager would also have been aware of the integration to a non-SAP system. But SAP overall does not like non-SAP systems connected to SAP, as is covered in the article SAP’s Position on Connection Non-SAP Systems to SAP.
6. Are Indirect Access claims from SAP negotiable?
“Yes they are! JNC offer a service called Indirect Access Defence, which supports customer facing a claim for Indirect Access from SAP. We perform a detailed contract analysis and usage evaluation with a view to proving compliant usage. If there is a risk the usage in question could be non-compliant we help the customer by quantifying the risk, identifying target outcomes and developing a response and negotiation strategy. Due to the complexities of the contract and differences in interpretations of usage SAP can sometimes get it wrong meaning their claim for Indiorect Access can either be proven to be excessive or completely unsubstanciable. So yes, its negotiable so give it a shot! If you need help, call JNC!”
They are negotiable because SAP wants to use the indirect access claim to get the customer to buy more SAP applications. And here we go with JNC pitching its services.
Map the interface environment
“The first step is to get a clear picture of the interface environment by mapping all SAP systems, and mapping interfaces both to, from, and between SAP systems. From a technical point of view, you need to map your RFC connections to the organization’s systems. A good starting point would be to map all of the connections in T-Code SM59 (RFC Destinations) and review all incoming RFC connections through T-Code ST03N (Workload and Performance Statistics). Architects, technical managers, systems owners, and integration experts can all collaborate to build this picture. The task to identify Indirect Usage becomes all the more difficult if you have multiple servers and applications spanning different geographies, operation verticals and service lines.”
This is all true.
Carry out a contract review
“A thorough and detailed contract review needs to be carried out to understand the terms and conditions that impact indirect access usage obligations. As mentioned earlier in the article there are clauses or a lack thereof that can give rise to Indirect Access or protect you from it. With an understanding of these terms and conditions it is possible then to perform an enterprise wide assessment of all interfaces to determine if that usage gives rise to any Indirect Access liability as defined in the contract.”
So this is leading to the reader contacting JNC consulting.
Perform an Indirect Access risk assessment
“With a detailed understanding of indirect systems usage and contractual entitlement an assessment of licensing risk can then be made on a system-by-system basis. Risk indicators (high, medium, and low for example) can be assigned to all third-party systems. High risk usage can be pro-actively addressed by seeking to procure entitlement from SAP, which will most certainly involve negotiation. It is highly beneficial to approach SAP to discuss your needs rather than be discovered by them, and to come prepared with a clearly defined position and target outcome. For all levels of risk, the risk should be quantified by looking at the potential cost of licensing that usage correctly.”
This is again leading to the reader contacting JNC consulting.
Define Your Risk Response and Negotiation Strategy
“The low or no risk usage can be dealt with by writing a business case demonstrating compliant usage referring both to the detailed technical and functional evaluation of the usage and the contract analysis. If SAP were to come knocking on your door regarding indirect access you will be prepared to present your business cases to SAP defending your indirect usage as compliant. Demonstrating to SAP that you are knowledgeable and prepared goes a long way to dispelling any further advances and contributes to Vendor Audit Readiness. Where high risk usage is identified, which is most likely non-compliant and the risk response is to present this to SAP to buy entitlement, the act of having the usage under question clearly defined will help your organisation perform better in the negotiations and most likely result in a better licensing deal. Leaving indirect access to be discovered and pursued by SAP could result in significant and unexpected licensing fees.”
This is all true, but it falls into the category of “be prepared” rather than providing insights into indirect access.
Indirect Access Conclusion
“With the continued global uptake in SAP the issue of Indirect Access has most certainly not peeked. As a result of some high-profile cases and an increase in awareness within the SAP eco-system, far more organisations are taking action to deal with Indirect Access risk. Some in response to a claim that has been presented by SAP and some with the foresight to address it pro-actively to identify any risk, quantify potential license fee exposure, take appropriate steps to mitigate the risk and minimise their potential exposure. The key to successfully dealing with Indirect Access risk is to get informed, put in place an Indirect Access action plan, and be prepared for a licensing audit.”
“The key to successfully dealing with Indirect Access risk is to get informed, put in place an Indirect Access action plan, and be prepared for a licensing audit”
This is all true. However, this article seems to be mainly about getting people to contact JNC Consulting. The article is doing an excellent job of identifying the issue but is not providing much information outside of that.
This article is accurate mostly. But it has several significant problems:
- But it is instead deliberately leaving out information that could help the reader.
- It made up a fake narrative to explain why SAP has been increasing its enforcement of indirect access.
- The article is entirely promotional on JNC and never questions whether SAP’s claims are even legitimate.
The article could have been written by SAP rather than by an entity posing as independent of SAP. Will JNC Consulting behaves as an independent entity representing customers’ interests when hired, or will they show the same compliance to SAP that they have demonstrated in this article? No consulting company in IT is a fiduciary. This means that no consulting company in IT (that I have ever heard of) has signed a legal document that declares they have to place their customer’s interests ahead of their own. Therefore, the independence or lack of independence of any advisory entity that is hired is of paramount importance.
Therefore while some of what is presented in the article are accurate, what it leaves out leaves the reader misinformed. For this reason, this article receives a Brightwork Accuracy Score of 6 out of 10.
Overall, it seems strange that this would be the top article on indirect access on the web. It is certainly not due to the accuracy of the article.
The Problem: Secrecy Around Indirect Access
Oracle, SAP, and their consulting partners, ASUG, and the IT media entities all have something in common. They don’t want indirect access understood. Media outlets like Diginomica are paid to distribute PR releases as articles, as we covered in the article SAP’s Recycled Indirect Access Damage Control for 2018. The intent is to lower SAP customers’ concern around indirect access so that indirect access is underestimated, as we covered in the article The Danger in Underestimating SAP Indirect Access.
The primary providers of information in the SAP space are all financially linked to SAP. SAP does not want indirect access understood, so these entities do as they are told by SAP.