Managing, understanding and optimizing your SAP licences can save you millions - not doing so can cost you millions, as has been well publicized in the recent court case of SAP UK vs. Diageo.

So how do you ensure that you get it right?

In this article we list what we believe to be the three key essentials required to properly manage and optimize your SAP licence asset.


① Acquire knowledge of the actual SAP usage of your named users and any third party systems accessing your SAP environment

 

There are two main risks in not knowing your actual usage;

1. The first risk is that you are most likely to be significantly over-licensed and paying too much maintenance. Most companies are over-licensed because they provision SAP licences to their employees based upon what they expect their employees will be doing in SAP rather than what their employees are actually doing in SAP.

So, you are most likely allocating employees with perhaps a Professional Licence when their actual usage only requires a Limited Professional licence - or maybe no licence at all if their usage is nil!

With a price difference of around £2,000 between a Professional Licence and a Limited Professional Licence then just finding 10 employees that are over-classified in this way would release £20,000 of licence value. The good news is that, in our experience, you will find far more than this; typically companies have between 15% and 40% more professional licences allocated than are needed. Add to this the release of licences from dormant users, low activity users and duplicate users and the potential returns in value can very quickly hit six and seven figures. Instead of releasing this value into the pot, you may be unnecessarily buying additional licences.

2. The second major risk is that your SAP systems are being indirectly accessed by third party systems. Most organizations mistakenly assume that when a third party system, such as SalesForce.com, accesses SAP it requires only one licence (i.e. for the System/Communications/RFC account). WRONG! It requires a named user licence for every user of SalesForce.com that has access entitlement (i.e. the capability) to cause any processing to execute within SAP. For instance, if a user in SalesForce.com has the entitlement, via any integration to SAP, to trigger the creation of a sales order within SAP then they will require an appropriate licence within SAP.

Acquiring such deep usage knowledge of your systems could in theory be done manually - we know of a few companies that have tried doing so, and with some success, albeit it takes an inordinate length of time even within a fairly simplistic SAP landscape. Unfortunately the task will also often fall upon your most expensive staff making it a pretty expensive exercise.

It's equallt important to monitor your 'package' (or engine) licences too to ensure that you are keeping within any agreed metrics.

We do therefore believe that implementing a system to automatically monitor, analyze and assess actual usage of each and every one of your users across your your entire SAP landscape is an essential first step. ProfileTailor LicenseAuditor is of course one such system.


② Allocate only the licence type that an employee actually needs by categorizing your SAP users based upon their actual usage both within SAP and from outside SAP (Indirect Access)

SAP licences are expensive, so the golden rule is to only allocate the minimum licence entitlement necessary to perform the tasks that each employee needs to do.

Knowing your actual SAP usage for each user as described in 'Licensing Essential No.1' is clearly a prerequisite and, although you can re-categorize user licences manually, if you are talking about hundreds or thousands of users then this is going to take some considerable time. You may therefore want to consider automating the process by using a system such as ProfileTailor LicenseAuditor where you can implement rules and policies to automatically classify users licences based upon their actual usage or/and other criteria such as their job title or employment status.

When it comes to understanding the licence requirements for users accessing SAP from a third party system (Indirect Access) then a much deeper analysis must be done - essentially a gap analysis.

Let's imagine that you have a SalesForce system that has two simple sets of users; one group can use SalesForce to trigger the creation of new sales orders within SAP (let's call them the 'Updaters') and the other group can only perform static reads of data from SAP (Let's call these the 'Readers').

Firstly, we can dismiss the 'Readers' from requiring any kind of SAP licence as typically static reads of data from third party systems do not require an SAP named licence. But with regard to the 'Updaters', we now need to pull off a list of these users from SalesForce and do a cross check to see that each person on the list also has the appropriate named user licence within SAP. If they do then great, but if they don't then this will be your indirect licence exposure and you will need to buy new licences for them.

More often than not though, by performing a SAP licence optimization process, we have been able to redeploy large numbers of 'saved' licences so that any exposure has been significantly, if not completely, mitigated.

 


③ Know your existing SAP contract, challenge the grey areas, and then suggest more concrete metrics to SAP in order to negotiate a more black and white agreement.

SAP Licence Agreements can be notoriously grey when it comes to distinguishing between different licence types and the respective usage entitlement being granted with each one. For instance, within your SAP agreement a 'Professional Licence' might state something like it 'allows the user/employee to perform operational and administrational transactions on behalf of the company'. Unfortunately your contract won't list a set corresponding transaction codes that allows you to determine such activity.

The definition of a 'Limited Professional Licence' becomes even more grey as it often states something like 'is able to perform limited operational roles as defined in the contract'. Unfortunately when you look deeper into your contract you are unlikely to find much in the way of any helpful metrics to help you distinguish between them - is it a limit on the volume of transactions, or perhaps the breadth of transactions being used?

The good news however is that SAP have pretty much put the onus on you, the customer, to provide them with details of how you are making the distinction and how you are limiting certain users from doing certain things. We therefore like to encourage our customers to make use of the modeling tools within ProfileTailor LicenseAuditor to help them analyze actual usage and behaviour to draw clear distinctions between their user types.

Armed with this information you should then meet with your SAP Account Manager to get these black and white definitions set within the contract thus providing you with an absolutely clear set of defintiions and hopefully pain free future licence audits!

 


Next Steps...

Grey Monarch offer ProfileTailor LicenseAuditor as on-premise software or SaaS. We also offer a one-off optimisation and prepare for audit packaged service.

If you would like to find out more then please do contact us

You can also share this page via the following buttons: