SAP indirect access has generated more enterprise licensing disputes than any other topic in enterprise software. Understanding your exposure — and how to resolve it — is essential before any SAP audit, renewal, or migration conversation.
SAP indirect access — also called indirect use or digital access — refers to situations where SAP data or system functionality is used through a non-SAP interface rather than through direct SAP GUI or Fiori interaction. Under SAP's standard End User Licence Agreement, every individual who interacts with SAP data — regardless of which system they use to do so — may require a named user licence.
The practical implications are enormous. Consider a manufacturing company whose production operators query SAP inventory data through a custom MES (Manufacturing Execution System) screen. The operators never log into SAP; they see only the MES interface. But if that MES pulls data from SAP in real time, SAP's historical position is that every operator using that screen is indirectly using SAP and requires a licence. At £200–£800 per user per year (Professional user rates), a 10,000-person factory floor represents £2–8 million of annual licence exposure — for a system their users have never seen.
This guide is part of our SAP license negotiation pillar guide. For context on how indirect access fits within the broader SAP commercial risk landscape, see also our SAP audit defence guide.
In 2017, SAP won a landmark case against Diageo for £68 million in indirect access licence fees. This case, and subsequent settlements at other large enterprises, confirmed that SAP will pursue indirect access claims commercially and legally. If your SAP landscape includes integration with third-party systems, portals, RPA tools, or API-connected applications, you almost certainly have indirect access exposure.
Indirect access exposure appears in virtually every complex SAP deployment. The following scenarios represent the most common sources of undisclosed liability.
Want independent help negotiating better terms? We rank the top advisory firms across 14 vendor categories — free matching, no commitment.
| Scenario | Example | Risk Level | ECC Exposure | S/4 Digital Access |
|---|---|---|---|---|
| MES / OT Integration | Factory floor querying SAP inventory, production orders | Very High | Per-user named licence | Per-document (production orders) |
| Customer Portal | Customers viewing SAP order status via web portal | High | Per-user named licence | Per-document (sales orders) |
| RPA / Automation | UiPath/Automation Anywhere bots processing SAP transactions | High | Per-user named licence per bot | Per-document created/changed |
| CRM Integration | Salesforce pulling SAP customer/order data via API | Medium-High | Per CRM user accessing SAP data | Per-document (orders, quotes) |
| HR System Integration | Workday/SuccessFactors syncing with SAP HR | Medium | Per HR user with SAP data access | Often excluded — HR payslips |
| BI / Reporting Tools | Tableau/Power BI reporting on SAP data warehouse | Medium | Depends on data access method | Read-only reporting — lower risk |
| API/Middleware | MuleSoft/Dell Boomi connecting SAP to other systems | Medium | Per end-user behind integration | Per-document created via API |
In response to the indirect access controversy — and following the public attention generated by the Diageo case — SAP introduced the Digital Access model in 2018. For S/4HANA customers, Digital Access replaces the per-user indirect access model with a per-document metric: you pay a fixed fee per SAP document created, changed, or cancelled via a third-party interface rather than paying per indirect user.
SAP has defined nine digital document types that are subject to Digital Access charging. These are the SAP document types most commonly created or modified via integrations: sales orders, purchase orders, production orders, goods receipt/issue, service entries, customer invoices, supplier invoices, customer deliveries, and outbound deliveries. Each document type has a published price per 1,000 documents (or similar volume metric), and customers negotiate a block of document entitlement as part of their S/4HANA agreement.
The Digital Access model offers several advantages over historical per-user indirect access: it is more predictable (document volumes are measurable), it is more proportional to actual business activity, and it resolves the conceptual unfairness of charging user licences for people who never interact with SAP. However, if your digital document volumes are high — as they are in manufacturing, logistics, and retail — Digital Access can still represent a substantial cost.
Digital Access is not automatic — it must be contractually adopted as part of your S/4HANA agreement. Migrating from ECC to S/4HANA without explicitly addressing Digital Access in the migration contract is a common mistake that leaves customers in a contractual grey area and exposed to ongoing indirect access risk.
| Document Type | Example Source System | Relative Price Band | High Volume Risk |
|---|---|---|---|
| Sales Order | eCommerce, CRM, EDI | High | Yes — retail, B2B |
| Purchase Order | Procurement platform, supplier portal | High | Yes — manufacturing |
| Production Order | MES, scheduling systems | High | Yes — discrete mfg |
| Goods Movement | WMS, MES, IoT sensors | Medium-High | Yes — logistics |
| Customer Invoice | Billing platform, ERP integration | Medium | Medium |
| Supplier Invoice | AP automation, OCR/scanning | Medium-Low | Medium |
| Service Entry Sheet | Field service management | Low-Medium | Lower |
One of the most important distinctions in SAP indirect access is the treatment difference between SAP ECC and S/4HANA. This difference has significant implications for both current compliance management and migration strategy.
Get the IT Negotiation Playbook — free
Used by 4,200+ IT directors and procurement leads. Oracle, Microsoft, SAP, Cloud — all covered.
SAP ECC customers operate under the original indirect access provisions of the SAP EULA, which impose a per-user model — any individual accessing SAP data through a third-party system potentially requires a named user licence. SAP has not formally introduced Digital Access for ECC, meaning that resolving ECC indirect access exposure requires either negotiating a specific indirect access agreement, resolving the exposure through a migration to S/4HANA under Digital Access terms, or accepting the compliance risk.
The lack of Digital Access for ECC creates a commercial dependency: the most commercially clean path to resolving historic ECC indirect access exposure is migrating to S/4HANA under a Digital Access agreement. SAP is aware of this dynamic and uses it as part of the migration commercial conversation — offering to resolve historic indirect access claims as part of a migration commercial package.
S/4HANA customers can adopt the Digital Access model, but it is not automatically included. The S/4HANA agreement must explicitly include Digital Access licensing, with negotiated document entitlement levels for each applicable document type. Customers who have migrated to S/4HANA without addressing Digital Access contractually are in a position where both the historical per-user model and the new per-document model could potentially apply — creating maximum ambiguity and exposure.
Before engaging with SAP on any indirect access conversation — whether proactively in a migration negotiation or defensively in an audit — you must understand your own exposure. This requires a structured assessment across your SAP integration landscape.
Inventory every system that interacts with SAP — reads from SAP, writes to SAP, or passes data through an integration layer that touches SAP. Include: CRM and ERP-to-ERP integrations, portal and web applications, mobile applications, MES and operational technology systems, RPA automations, middleware platforms (MuleSoft, Dell Boomi, SAP Integration Suite), BI and reporting tools, and EDI systems. This inventory is often surprisingly large — most enterprises have 50–200 integration touchpoints with SAP.
For each integration, determine: whether it creates, reads, or modifies SAP data; how many end users or automated processes use the integration; what SAP document types or business objects are involved; and whether the interaction is real-time or batch. This classification determines both your ECC exposure (per user count) and your Digital Access metric (per document volume).
Apply SAP's indirect access pricing to your user counts (for ECC) or your document volumes (for S/4HANA Digital Access). For ECC, use the Professional User price as a conservative exposure estimate — SAP's audit position is typically to licence indirect users at the highest applicable rate. For Digital Access, use SAP's published document pricing as a baseline and model against your annual document volumes.
Do you know your full SAP indirect access exposure?
Once you have quantified your indirect access exposure, the remediation options fall into three categories: architectural changes to eliminate the exposure, licensing changes to cover the exposure, and commercial negotiation to resolve it.
In some cases, indirect access exposure can be eliminated or reduced through architectural changes. Replacing an SAP-connected integration with a data warehouse or read replica removes the real-time SAP data dependency that creates indirect access risk. Moving from a user-authenticated integration to a document-based API interaction converts the liability model from per-user to per-document. Implementing SAP's published integration patterns (using SAP Integration Suite rather than direct database connections) may reduce exposure in certain scenarios. Architectural remediation requires specialist SAP technical and commercial expertise to ensure that proposed changes genuinely resolve the licensing risk rather than simply reframing it.
Where indirect access exposure cannot be eliminated architecturally, purchasing the required Digital Access entitlement (for S/4HANA) or agreeing an indirect access licence package (for ECC) resolves the compliance position. The key commercial challenge is negotiating the licence quantity and rate. SAP's initial position in indirect access discussions is typically to charge at full list price for all exposed users or document volumes — an experienced negotiator will significantly reduce this through volume negotiation, migration commitments, and audit settlement leverage.
For ECC customers, the most commercially efficient resolution to historic indirect access exposure is often to negotiate it away as part of the S/4HANA migration commercial package. SAP will frequently waive or substantially discount historic indirect access claims in exchange for a migration commitment under Digital Access terms. This converts an unresolved and growing compliance liability into a defined, negotiated Digital Access cost within a migration agreement. For migration negotiation tactics, see our S/4HANA migration negotiation guide.
Whether you are resolving indirect access in the context of an audit, a migration, or a proactive remediation programme, the commercial negotiation approach is critical to the outcome.
The most common mistake enterprise organisations make is raising indirect access with SAP before they have completed their own assessment and formed a commercial strategy. SAP's account and audit teams will use any voluntary disclosure as a basis for a compliance demand — and the demand will typically exceed what an informed negotiator would agree to pay. Conduct your internal assessment, understand your exposure, and develop your position before initiating any conversation with SAP about indirect access.
If you are planning to migrate to S/4HANA, indirect access resolution belongs in the migration commercial discussion — not in a separate licensing conversation. Bundling indirect access resolution into migration commercial terms gives you more negotiating levers (migration commitment, term length, BTP adoption) and prevents SAP from treating it as a standalone compliance demand.
When agreeing Digital Access entitlement levels, ensure the document pack reflects your actual and projected document volumes with headroom for business growth. Committing to an under-sized document pack saves money upfront but creates immediate over-consumption exposure that is more expensive to remedy mid-contract. Equally, committing to dramatically more documents than you need wastes money. Commission an independent digital document volume assessment before finalising any Digital Access agreement.
An independent assessment puts you in control — not SAP. Connect with a specialist who can quantify your risk and help you resolve it commercially.