What Is SAP Indirect Access?
SAP indirect access — or indirect use — occurs when a third-party system, application, or device accesses SAP data or processes SAP transactions without those users logging directly into SAP's front-end interfaces. The classic example: a custom warehouse management system that reads inventory data from SAP via an RFC connection, without any warehouse worker having an individual SAP user licence.
SAP's position, enforced aggressively since around 2016, is that users or systems that access SAP data indirectly are still "using" SAP and therefore require SAP licences. The commercial logic — and it is a commercial argument dressed as a compliance argument — is that the value SAP provides flows through these integrations, and SAP is entitled to compensation for that value regardless of how the access occurs. This position is contractually contested, legally disputed, and commercially driven.
Understanding this in the context of the broader audit defense framework is important. SAP indirect access claims are not clear-cut compliance violations — they are contested interpretations of licence terms that SAP applies aggressively and that are routinely reduced through professional dispute and negotiation.
Free Guide
SAP S/4HANA Negotiation Playbook
Proven tactics for reducing SAP costs: indirect access defence, RISE pricing, and S/4HANA migration.
The Diageo precedent: In 2017, SAP won a UK court judgment against Diageo for indirect access, with the court finding that Salesforce CRM users accessing SAP data without SAP licences constituted indirect use. This judgment, while limited in jurisdiction and factual scope, emboldened SAP to pursue indirect access claims globally. However, subsequent cases and settlements have demonstrated that the claim amount — not the principle — is highly negotiable. The Diageo principle does not establish the quantum SAP claims.
SAP Digital Access Licensing
In 2018–2019, SAP introduced its Digital Access (DA) licensing model, presented as a simpler and more transparent alternative to the traditional indirect access assessment. Digital Access uses a "document-based" pricing metric — the number of documents created in SAP (sales orders, delivery notes, purchase orders, financial postings) as a result of third-party system interactions. Customers are licensed for a specified volume of digital access documents per year; overuse creates compliance liability.
Digital Access was framed by SAP as a solution to the indirect access problem, but many customers have found it creates new complexity. The document counting methodology is opaque, the pricing per document is high, and the volume of digital documents generated by modern integrated enterprise environments is substantially larger than most customers anticipated. Organisations that migrated to Digital Access at renewal often discovered that their annual document volumes — driven by e-commerce platforms, RPA processes, IoT integrations, and automated procurement — far exceeded contracted levels.
For customers still on legacy named user licensing, SAP's audit approach to indirect access may involve a pressure to convert to Digital Access as part of an audit settlement — at pricing that reflects SAP's opening position, not market value. This conversion should be negotiated independently of the audit settlement and with specific market benchmarking.
Stay Ahead of Vendors
Get Negotiation Intel in Your Inbox
Monthly briefings on vendor pricing changes, audit trends, and contract tactics. Unsubscribe any time.
No spam. No vendor affiliations. Buyer-side only.
Common Indirect Access Scenarios
SAP indirect access claims arise in a predictable set of integration scenarios. Understanding which of your integrations carries indirect access risk allows you to prioritise your pre-audit assessment and prepare specific defences for each.
Salesforce, Dynamics, or other CRM systems creating SAP orders, reading SAP pricing, or syncing customer master data. This is the most commonly audited scenario following the Diageo judgment.
B2B or B2C e-commerce platforms that trigger SAP order creation, update inventory records, or process payments through SAP finance. High document volume, high Digital Access exposure.
Robotic Process Automation tools (UiPath, Blue Prism, Automation Anywhere) that process SAP transactions via UI scripting or APIs. Each automated transaction may be counted as indirect access.
BI and analytics tools that read SAP data without creating documents or triggering transactions. SAP's position on pure read-only access varies — strong contractual arguments exist against indirect access claims for non-transactional access.
Challenging SAP's Indirect Access Methodology
SAP's audit methodology for indirect access is less standardised than Oracle's LMS approach, which creates both greater ambiguity and greater opportunity for challenge. SAP's measurement of indirect access typically relies on system log analysis — RFC call logs, IDOC records, and function module call statistics — to identify third-party system interactions. Each of these data sources has known limitations that support challenges to the resulting findings.
Contractual Basis Challenge
The first and most fundamental challenge to any indirect access claim is contractual: does your specific licence agreement, as it was signed, actually require licences for indirect access as SAP is defining it? SAP's standard licence agreements have evolved significantly over the years in their treatment of indirect use. Agreements signed before 2015 frequently contain indirect access provisions that are materially narrower than SAP's current enforcement position. A detailed review of your specific contract language — not SAP's current standard terms — is the starting point for every indirect access defense.
Measurement Methodology Challenge
SAP's measurement tools and log analysis frequently over-count indirect access events. RFC calls include system-to-system health checks, error recovery messages, and technical maintenance operations that do not represent business document creation. IDOC statistics may double-count records that were retried due to transmission errors. Every dataset SAP provides as evidence of indirect access should be reviewed for these inflation factors before any liability is acknowledged.
Scope and Definition Challenge
SAP's definition of what constitutes a "user" requiring a licence under indirect access is contested. Where the access is by an automated system with no human interaction — a scheduled batch job, an automated procurement process, an IoT sensor — the case that a human "user" licence is required is weak. Challenge SAP's application of user-based licensing metrics to fully automated, non-human interactions, and require SAP to provide the specific contractual provision that extends user licensing to automated system access.
Negotiation Strategy and Settlement
SAP indirect access settlements follow a more commercial pattern than Oracle LMS settlements. SAP's primary objective is typically to convert an informal indirect access situation into a documented commercial arrangement — either through Digital Access licensing, expanded named user counts, or a specific indirect access agreement. SAP is often willing to settle for significantly less than the initial claim if the settlement converts to a multi-year commercial commitment.
The key leverage in SAP indirect access negotiations is your RISE with SAP or cloud transition decision. SAP has a strong commercial interest in retaining large on-premise customers and migrating them to RISE. An audit settlement that is combined with a RISE migration commitment frequently produces material reductions in the indirect access claim — because SAP's account team recognises the long-term commercial value of the RISE deal and will concede on audit recovery to secure it.
IT Negotiations' SAP advisory service includes direct experience with indirect access audit negotiations across manufacturing, retail, financial services, and logistics organisations. Our advisors have reduced SAP indirect access claims by 50–80% through methodology challenges and commercial negotiation, typically securing audit-free periods and improved renewal terms as part of the settlement.
SAP Indirect Access Claim? Challenge Before You Pay.
IT Negotiations specialises in SAP indirect access defense — challenging SAP's methodology, disputing claim calculations, and negotiating commercial outcomes that are far better than SAP's initial position. Buyer side only.
Get SAP Audit Defence Support →