Dealing with Surprise SAP License Charges: Indirect Access

Last Updated on March 25, 2021 by Shaun Snapp

Executive Summary

  • SAP has specific motivations for enforcing the fallacious concept of indirect access.
  • SAP intends to use indirect access as a toll booth for customers that are locked into SAP.

Introduction to Indirect Access License Charges

This article will focus on an issue that is very much under the radar, which is license audits.

So what are license audits, many may ask? A license audit is when a software vendor goes into a company post-sale and reviews if the agreement uses the licenses in the contract between the customer and the vendor. A simple example of this will be if a customer has 200 users using the system only for 150 seats.

Our References for This Article

If you want to see our references for this article and other related Brightwork articles, see this link.

Lack of Financial Bias Notice: We have no financial ties to SAP or any other entity mentioned in this article.

  • This is published by a research entity.
  • Second, no one paid for this article to be written, and it is not pretending to inform you while being rigged to sell you software or consulting services. Unlike nearly every other article you will find from Google on this topic, it has had no input from any company's marketing or sales department. 

How License Audits Are Used to Enhanced Revenues

License audits are important revenue enhancers for SAP. I will not simply take the buyers’ side as not all license audits are underhanded attempts by SAP to raise revenue. And a perfect example of this is virtualization. One of the primary drivers for the virtualization craze of a few years ago was the idea that buyers could reduce their payments to software vendors by using virtualization software. Virtualization could never have been simply about saving money on hardware. Virtualization became less popular when software vendors adjusted for this in their pricing to account for virtualization. Therefore, companies were no longer able to save the same amount of money by virtualization. This is one reason, along with the saturation of the market, that the growth of VMWare has stalled and why I have them listed as a problem child on the top 23 global software vendor list. Without the ability to audit accounts, SAP customers would have gotten away with paying less than was agreed upon for SAP software.

Indeed, software vendors do have the right to determine if their software is being used in line with the rules set out in the license agreement. License audits, when used honestly, prevent the buyer of software by using more of the software than what they paid for.

However, some of the areas I will cover today demonstrate what I believe are misuses of license agreements and audits on SAP.

What is Indirect Access?

One of the most controversial areas of SAP’s audit enforcement is called indirect access. Indirect access is where the customer accesses data within the SAP database without using SAP to do it.

This is an issue that is only set to grow with the rise of apps that are currently becoming more popular. SAP does have some logical points in its favor on indirect access in that it is becoming more common than ever for companies to access the data of systems. And not just SAP systems. This applies to all systems without using the SAPGUI or the SAP UI. Fiori (which I cover in the LinkedIn articles What is Actually in the Fiori Box? and How Gartner Got Fiori so Wrong) can access SAP data. As Fiori is an SAP product, this is not a problem for SAP. SAP does not charge for Fiori.

However, what if an SAP customer wants to use another vendor’s apps to access the SAP data? Well, this is when it becomes a thorny topic. This is an issue that has flown under the radar. But it is quite remarkable, and it is a perfect example of how an entrenched software vendor can use its position of power within its customers to block out other vendors.

SAP’s Motivations and Enforcement

SAP is having problems migrating its customers to its HANA database and HANA applications like S/4. I cover in articles like Faster, HANA, or Oracle 12c, the argument for HANA outside of analytics applications is extremely weak. The case for HANA as a differentiated or unique database, something which is often stated by SAP and then reflexively repeated by SAP partners, is now apparently false.

The pressures placed upon account executives at SAP pushes for creative ways to get more revenues from customers. Imagine you are an SAP sales executive that has a big quota. But you don’t have the territory or other factors to make your quota and the new things that SAP has to offer. S4 and HANA are not all that compelling to customers.

At this point, you have to begin to get creative.

Interviews with different people indicate that a variable standard is applied with independent access.

  1. This changing standard depends upon whether the customer has recently purchased SAP applications or is seen as a potential customer for SAP products.
  2. If the client shows lower revenue potential, the indirect access audit is far more likely. SAP realizes that engaging in this is a turn-off to customers. Some clients SAP can “more afford” to turn off than others.

Just as with pricing, different customers have varying degrees of leverage in their relationship with SAP.

Paying SAP When A Customer Buys Something Other Than Fiori

SAP believes that its license contract allows it to charge as many Fiori licenses are purchased from a non-SAP user interface. So if you buy 100 seats for the XYZ user interface.

Generally, SAP uses its “use policy” to prevent 3rd party purchases. And this is the logic that is used to do it. This is the most important part of the article, so let us give this the necessary attention.

  1. Per SAP’s interpretation of its use policy, since the customer uses SAP’s processing power, any data generated from SAP cannot be consumed by other 3rd party systems. (e.g.. another user interface, app, BI tool, etc.).
  2. If any 3rd party system consumes the SAP data, all 3rd party users are considered SAP users, and the customer has to pay each as a user. SAP usually does not directly tell customers to use Fiori, but the natural implication is if a client chooses to use Fiori, then there are no out-of-pocket expenses.
  3. If the same client uses a 3rd party system, then SAP makes it so expensive with this clause that it is unlikely most consumers will pay twice for the same requirements.

Purchasing Fiori Licenses

This forces the customer to obtain one Fiori license for every license they buy a competitor’s product. SAP may tell the client before they make their purchase. They may also choose to do so after they make the purchase. This is when it becomes part of a license audit.

  1. It stops or has a high potential to halt the purchase and potentially redirect the investment to Fiori licenses (which most SAP customers don’t want, which I cover in What is Actually in the Fiori Box?).
  2. It may stop the sale of any product as the client, in many cases, won’t buy Fiori, and in the second instance, it naturally raises money for SAP that the customer must pay as they already purchased the other app provider.

US Anti-Trust Law

The behavior is particularly brazen on SAP when operating in the US because it contradicts US Anti-Trust Law. One of the areas of the law is this quotation.

“The willful acquisition or maintenance of that power as distinguished from growth or development as a consequence of a superior product, business acumen, or historic accident.”

SAP is using this policy to interfere with purchases for a competitor. The following quotation is from one SAP customer.

“SAP is using its USE policy to dictate & control our destiny. They first ask us to share what product we would be buying, for what would we use and ask us to include price details. Then they will come back and say what & how much the impact will be of additional SAP licenses.

When we push back, they ask us to buy a SAP product, which does not fit our requirements in the first place.”

This is textbook anti-trust behavior. The entity uses its ability to interfere with a competitive purchase to push its product onto the client. Microsoft did the same thing for years, albeit using different tactics.

Using the Most Expensive Law Firms

SAP uses costly law firms. I worked for one on a contractual basis that was out of Washington, D.C. This was probably the most generous office space I have ever been to in my life.

  • SAP is informed by these law firms necessarily how much they can push or even violate laws as the firms are completely up to date as to which laws are enforced and which are not.
  • If you intend to use SAP directly, you better bring a big piggy bank.
  • This is why regulation items should be managed by regulation rather than asking small vendors who do not have the resources to litigate against entities like SAP. It is also why people who think that these things can only be sorted out by “the market” have no idea what they are talking about. Where barriers can be constructed through market size or other factors, regulation is required to have a functioning market. SAP does not have 13,000 partners to participate in the market but to (or “intending to”) building monopoly power to maximize its revenues and profits. Let us take an example of an apple stand at a farmer’s market. If the larger apple stand lowers its prices for several months to drive its competitors away from the farmers market, regulation is required to stop this, or the farmers market will have a monopoly in Apple stand providers. And in fact, this is a rather poor example as there are few barriers to erecting an apple stand. In sectors where there are high entry barriers, the acquisition of monopoly power is tough to “the market” to correct without some interference. A perfect example of this is Microsoft, which pulls out roughly $100 Billion in revenue per year, a very significant percentage of all software revenues for shockingly little actual output.

 SAP as a Toll Booth?

The orientation of SAP is to increasingly view its systems as a toll booth that requires a payment if a non-SAP system accesses its data. Almost all companies buy SAP products on the company’s flagship ERP system. And ERP systems concentrate a lot on the business’s data. ERP systems were certainly not sold on the premise of being a toll road, but now that SAP has such a large installed base, it is in the position to ask for this.

Customer’s Anger

I obtained the following quotes from real customers that have been adversely affected by SAP’s actions described in the previous paragraphs.

Here are some interesting quotes that are taken from some companies:

“Basically SAP is asking to get paid for all non-SAP users that might be touching SAP data indirectly.. For e.g. if a company integrates Salesforce with SAP, then SAP can ask to pay for all Salesforce users, even though they may not be SAP users..”

I thought this was an interesting quotation because it applies to another large software company, Salesforce.

I received this anonymous quote, which is supportive of some of the indirect access that is enforced by SAP.

“You can’t argue that SAP customers know what they are signing on – most of them have large legal departments that inspect any word in the contracts. Furthermore, let’s look at the “classical” business case for indirect access: an SAP customer who has 1,000 salesforce users that use only 1 SAP username to access SAP. You will probably agree that in this case SAP is entitled to charge some kind of license for these 1,000 users who indirectly access SAP and use information from SAP.”

One topic I would bring up in return is if the customer purchased 1000 licenses of SAP CRM, would SAP charge for another 1000 licenses of SAP ERP?

  • If the answer is no, then SAP’s policy creates a barrier to buying other applications, and this stance is hypocritical and a red herring.
  • If a barrier is created, this is anti-competitive behavior.

Secondly, if SAP ERP is being connected to Salesforce and if a sales order is created in Salesforce that goes into SAP ERP and then a person opens that sales order in SAP ERP without having a Salesforce license, then doesn’t the company owe Salesforce a user license as well? If every software vendor must be paid for double, triple, or quadruple licenses because some other system uses its data, we seem to be graduating into a different pricing environment.

Further Quotations

This is another quotation from an SAP customer hit with indirect access issues by SAP.

“We tried arguing saying we will use file downloads instead of remote function calls or IDocs (that is ways of pulling data from SAP). That way its not a direct interface to SAP. Their argument is – it does not matter how you interface. You are using SAP’s processing power to generate output and use it in other places, hence liable to pay SAP, anytime, anyone uses the output generated by SAP”

I think SAP’s comment here is wrong. If followed through, this statement or logic would allow SAP to charge a company licenses for any application that was connected to SAP and to any data that were exported from SAP (say for use in a spreadsheet) or for any data that were extracted to a report within a non-SAP system.

The next quotation is similar to what I pointed out earlier regarding the US anti-trust laws.

“SAP will invite US Anti-Trust laws against itself, if it tries to do too much in the US. The data is our IP and SAP cannot ask for licenses if I stage the data, (even on a temporary basis), Enhance it by using some other software and post it back into SAP.”

I agree with the quote in principle but not in practice because I know how little anti-trust laws are enforced in the US.

SAP is doing this precisely because their attorneys have analyzed the playing field and have no fear of the US Federal Trade Commission taking any action.

The Implications for the Competitive Landscape

If large companies can beat smaller companies not based upon their products or service but just based upon coercing buyers through any number of techniques, then the market becomes less competitive. Here is a hint that larger companies will attempt to use these techniques without regulation because there are no repercussions.

Beyond SAP

The issue is that SAP is setting norms in the enterprise software industry. Other software vendors, those with a growing market share or if they have a “tight” hold on the customer, are (or will be) pushing re-licensing. Oracle, Salesforce, Microsoft was specially mentioned, and they are all waiting and watching how SAP is doing this.

If SAP is successful with its definition of indirect access, then these players will most likely be (or already are) making a move to enforcing indirect access. Other enterprise players looking to grow the market share or do not have the “tight” hold on the customer are not looking to do this.


Some of the indirect access claims made by SAP are used to unfairly limit competition, making them illegal under the Sherman Anti-Trust Act. However, what is legal and what illegal has less to do with what is on the books and more to do with what is enforced. The FTC does little to enforce the US’s well-designed anti-trust legislation. US citizens have no idea what anti-trust legislation is or why it is necessary. However, there are techniques for dealing with SAP’s use of indirect access.

Some companies specialize in SAP and Oracle audit management. One company that I found when doing this research that had impressive content is UpperEdge.

Getting specialists in this is important because consulting companies will not want to stand up to SAP. Their primary objective is to increase some SAP services that they sell, and supporting their clients or giving them information to help against SAP is not where the consulting company wants to be. Consulting companies can be easily retaliated against by SAP, and therefore they won’t risk offending SAP. SAP’s consulting partners should be viewed as merely adjunct sales arms of SAP itself with an ingrained inability to present a non SAP biased perspective to their clients. Their role is to repeat SAP was messaging and till the cash register.

There is specialized knowledge necessary for developing the data to determine the right numbers of the different types of licenses to purchase and how to prepare for an SAP audit.

  • Most companies do not have the internal knowledge to do a good job at this.
  • SAP, on the other hand, is a specialist at auditing companies. They have a dedicated team that does nothing but audits.