The Danger in Underestimating SAP Indirect Access

Executive Summary

  • SAP would like its customers to underestimate the liability of indirect access.
  • This article covers why doing this is a problem.


Indirect access tends only to be known companies that have not been subject to an indirect access claim when primary indirect access (IA) public event occurs, such as a court case documents being filed. Good examples of this are Diageo and InBev. However, what is the prevalence of indirect access?

In this article, we will discuss information that has been coming in from the field. But first, we will begin with what SAP would like their customers to believe about the prevalence of indirect access. 

Our References for This Article

If you want to see our references for this article and other related Brightwork articles, see this link.

Notice of Lack of Financial Bias: We have no financial ties to SAP or any other entity mentioned in this article.

  • This is published by a research entity, not some lowbrow entity that is part of the SAP ecosystem. 
  • Second, no one paid for this article to be written, and it is not pretending to inform you while being rigged to sell you software or consulting services. Unlike nearly every other article you will find from Google on this topic, it has had no input from any company's marketing or sales department. As you are reading this article, consider how rare this is. The vast majority of information on the Internet on SAP is provided by SAP, which is filled with false claims and sleazy consulting companies and SAP consultants who will tell any lie for personal benefit. Furthermore, SAP pays off all IT analysts -- who have the same concern for accuracy as SAP. Not one of these entities will disclose their pro-SAP financial bias to their readers. 

What SAP and SAP Consulting Partners Would Like Customers to Believe

Generally, both SAP and the SAP consulting partners prefer that their customers know nothing about indirect access. It is amusing to see IBM, Deloitte, or Accenture comment on how to manage indirect access.

Consulting companies that compete to see how to ingratiate themselves to SAP, don’t dare risk offending them as an example of a recent pursuit. The client was not told about indirect access and had to find out about it from a competing vendor. The customer asked the consulting company why they had not informed them of the indirect access liability.

How Much Does SAP Want Customers and Prospects to Lower Their Guard?

At SAPPHIRE, SAP produced an announcement to assuage their customers’ concerns about indirect access.

I analyzed this announcement in the article How to Best Understand SAP’s Faux Policy Change on Indirect Access. I concluded that there was no policy change aside from more specific charging of customers when SAP brings and indirect access claim. DSAG, which is the German SAP user group, and UpperEdge, were two of the only other media entities willing to call out SAP when they are wrong on indirect access, came to the same conclusion that I did on the announcement.

Since that article, I have learned that SAP will not even publish what it intends to charge per purchase order or sales order for indirect access, which was a significant part of the announcement. Instead, SAP has stated that customers would be charged “on a case by case basis.” Of course, they will be. This increases the secrecy of the cost of indirect access. The announcement made it seem like SAP is opening up, but then when asked questions, SAP goes back into secrecy mode.

Listening to ASUG on the Frequency of Indirect Access?

ASUG, which is supposed to be a user group, but is a marketing arm of SAP, has told members that indirect access is rare. The high-profile cases (such as Diageo and InBev) push it to the forefront. This is covered in more detail in the article Is ASUG Lying About the Frequency of SAP Indirect Access? 

As ASUG is just SAP in “sheep’s clothing,” we can take from ASUG’s stance that this is what SAP wants customers to think about indirect access. I have never been in an SAP-ASUG meeting, but by the looks of it, they get together, and SAP tells ASUG precisely what messages they want to relay, and ASUG relays those messages, no questions asked.

All of this is curious because ASUG members pay membership fees and fly to ASUG conferences to be told inaccurate information is 100% beneficial to SAP and the customer’s disadvantage and is what SAP wants them to believe. ASUG cannot represent both the interests of SAP and its members.

  • As I stated in the “Faux Policy Change Article,” SAP’s overall intent is to get its customers to lower their guard.
  • The less their customers are prepared, the more SAP can use indirect access as a hammer against them.
  • Time is of the essence. SAP uses shortened timelines to get customers to acquiesce to their demands. The less preparatory work they have done before SAP drops an indirect access claim upon them, the more likely they will end up doing what SAP wants, and this is covered in the article The Time Issue Faced with Indirect Access.

The Reality of Indirect Access Frequency 

SAP has been quite useful with indirect access to drive license revenues, so they don’t have an excellent reason to stop doing it. They are catching customers off guard, and an indigent defense is ordinarily available to them. And vendors that are affected by indirect access are uncoordinated. Primarily the issue is dealt with by individual account teams that are, in most cases, not coordinated even within a single software vendor concerning indirect access.

There are several other reasons for SAP’s success against customers in indirect access.

  1. Source Issues and Finding Unbiased Representation: Many sources relied upon for information on indirect access have already aligned with or are in some way remotely controlled by SAP. This is covered in the article Taking a Multidimensional Approach to Indirect Access.
  2. Confusion with the Role of Attorneys: Few attorneys know anything about indirect access. Unless the issue is going to court, and this is unlikely and unknown by anyone early in the process, unless the attorney already has a strong familiarity with indirect access, hiring an attorney is not going to help very much. Several steps do help. And keeping good notes is essential whether an attorney is eventually contacted or whether they are not engaged. Secondly, bringing up attorneys that are unfamiliar with the topic is a lengthy process. If an indirect access claim is brought, time is essential in controlling the situation.
  3. The Lack of SAM Software: Surprising as it may seem, most SAP customers still don’t use SAM software. So when SAP drops an indirect access claim on them, they aren’t even in a position to know their overall license usage or their specific indirect access exposure. SAM covers all usage measurements, indirect access being just one. Customers don’t want SAM software installed and then have to deal with going through a SAM project, negotiating with the SAM vendor, then learning how SAM software reports look. All with SAP and an indirect access claim and their short timelines for a response, putting extra pressure on the company. SAM software and projects are measured in the hundreds of thousands and are suitable for more than indirect access. Indirect access claims are measured in the millions and sometimes tens of millions.

Indirect Access Frequency

The information I am getting from the field is that indirect access is increasing.

I have been tracking indirect access for around a year and a half. This was the point when vendors first started communicating to me that SAP would bring up the topic of indirect access charges as soon as it looked like the other vendor was about to get a contract from SAP.

And what is also interesting is that the indirect access issues brought up to me have been all over the spectrum of the different software categories. However, CRM does seem to be one of SAP’s favorite areas to bring indirect access claims. SAP seems to have an anger management issue when losing to Salesforce.

However, the outcome of these indirect access claims is usually the same. The customer is forced to purchase software from SAP. It never wanted to purchase. When SAP reports sales to Wall Street, it implies that 100% of them are voluntary. However, with SAP’s use of indirect access and increasing percentage, are sales motivated by indirect access claims?

The Size of Indirect Access Claims

The size of indirect access claims is also increasing. I am now learning tens of millions of dollars in indirect access claims. I have individual case studies but do not want to publish a specific multiple of tens of millions. SAP benefits if these case studies are kept as secret as possible.

These claims’ size changes behavior and allows SAP to win license sales they had lost before bringing the claim.

I am researching indirect access, which I will publish, and the announcement is described in this article. Vendors and customers impacted by indirect access must share their stories. The more that it is kept a secret, the more SAP wins. If vendors fear reprisal by SAP, that is what anonymous sourcing is all about. I have yet to expose any source that I kept anonymously.


SAP is ramping up, not ramping down, its indirect access claims against its customers and the claim sizes are growing. One should not be lulled into a false sense of security by Bill McDermott’s happy face at SAPPHIRE on this topic. As I said previously, Bill McDermott was explicitly chosen by Hasso Plattner because, according to Hasso, SAP needed a “happy face.” But McDermott’s pleasant demeanor starkly contrasts the hard edge I witness in SAP’s use of indirect access for many SAP customers.

SAP customers are receiving much inaccurate information from ASUG to Deloitte to Diginomica. This is because so many IT entities depend on SAP for their revenues. The money is obviously on the side of agreeing with SAP. One reader recently told me to switch sides and begin writing in favor of SAP, as the pay is much better.

Companies dependent on SAP for their revenues cannot write objectively or provide objective advice about SAP. Other entities like JNC Consulting do not even seem to question (in their articles) whether the Type 2 indirect access employed by SAP is valid or its historical context.

This, combined with the timelines imposed by SAP on indirect access claims, means that the deck is firmly stacked in their favor. One way to keep it this way is to underreport and de-emphasize the widespread use of indirect access.

The Problem: Secrecy Around Indirect Access

Oracle, SAP, and their consulting partners, ASUG, and the IT media entities all have something in common. They don’t want indirect access understood. Media outlets like Diginomica are paid to distribute PR releases as articles, as we covered in the article SAP’s Recycled Indirect Access Damage Control for 2018. The intent is to lower SAP customers’ concern around indirect access so that indirect access is underestimated, as we covered in the article The Danger in Underestimating SAP Indirect Access.

The primary providers of information in the SAP space are all financially linked to SAP. SAP does not want indirect access understood, so these entities do as SAP tells them.