Optimization is possible: SAP licensing according to authorizations
It has been a while since SAP gradually changed its contracts and switched from licensing based on usage to licensing based on authorizations. From a legal perspective, the transition is far from complete and is still being questioned by specialists. However, the trend is clear: licensing according to authorizations is the new reality in the SAP world. This affects all companies with existing S/4, Rise or Grow contracts as well as all those who will be migrating to S/4, Rise or Grow when support for ERP/ECC 6.0 ends in the next few years.
From SAP's point of view, this type of licensing is fundamentally justified - even if it initially shakes up the decades-old practices of SAP users and meets with a lot of headwind. While in the rest of the software world licenses are often managed and billed according to the number of installations, this model could not be implemented at SAP for various reasons. With SAP applications, companies did not have to install anything for users - with the exception of the GUI. Instead, IT managers assigned roles and authorizations to users as a form of "installation". It is hardly surprising that licensing itself was neglected in many cases during this technical assignment and that authorizations got out of hand.
In future, however, SAP would like to see these authorizations paid for. The strategy is similar to Microsoft's approach, which charges for the installation of the Office solution Excel - regardless of whether it is used by users or not.
Authorization classification
Licensing by entitlement therefore means a fundamental rethink of license management for companies. The good news is that SAP has published a classification of license-relevant authorizations for the first time as part of the changeover to licensing by authorizations. This refers to the authorization classification from Star Services. In this list, SAP has classified almost 3000 authorizations and assigned license types, both for S/4 On-premises and for Rise and Grow. The set of rules is intended to provide companies with a basis for converting from ECC to S/4 licenses, but also to serve as a basis for SAP license measurement. From a compliance perspective, Star simplifies the classification of users. IT managers can quickly see which authorizations are assigned to higher-value licenses. Optimization thus appears to be within reach. In fact, SAP itself provides potential suggestions for optimization with the Star services.
So much for the theory. In practice, however, companies are faced with a major problem that has grown over the years and is therefore complex. Since the licensing of S/4 Hana is now based on the assigned authorizations and no longer on actual usage, under-licensing can quickly lead to a cost explosion. Depending on how generously authorizations were distributed in advance.
Authorizations cannot be removed without further ado. Especially not if users still need them to carry out business-relevant processes and tasks. However, even if there is no immediate need, experience shows that many employees like to hold on to existing personally assigned roles, authorizations and therefore also privileges. After all, access may still be required at some point or somewhere. Clarifying the actual need per role, authorization and user and adjusting the authorizations accordingly is therefore difficult.
What's more: Just because optimization seems possible on paper or in theory, it is not always possible in practice. Users usually have a whole range of different permissions that lead to higher-priced licenses. Simply adjusting or removing an authorization often does not have the desired effect.
SAP Star Rulebook
It is important to understand that the Star Rulebook does not yet cover 100% of the contractual content and descriptions of the use license types. These are initially only suggestions. The results therefore need to be interpreted further and adapted where necessary. For example, the report does not differentiate between classic core usage and core usage caused by "engine usage". In addition, business partners are classified as normal users, even though they require a "functional use" license by definition.
Optimizing roles and authorizations has thus become an almost impossible, or at least expensive, task. From SAP's point of view, this is certainly a clever move, as more licenses are often required in this way. SAP customers, however, need to ask themselves how they should deal with the situation. Those who set themselves the goal of optimizing SAP licenses should proceed in two steps:
Meet compliance requirements: From a compliance perspective, it makes sense to classify licenses according to the Star Service model. This means that companies follow SAP's recommendations and are also on the safe side during an SAP system measurement. The basic prerequisite is to clear the air in advance and remove users who no longer require licenses. This includes taking care of engine use, technical use, blocked users and users without log-in activities. It also means taking into account the special rule for business partners for functional use licenses.
License optimization by usage: To further optimize the licenses, the roles and authorizations of the users are left aside for the time being. Instead, the focus is on usage. Which user uses which SAP applications and to what extent for which tasks? Which SAP transactions are used? Which Fiori apps are used? And which reports are being pulled? Once this information on SAP usage is available, it is analyzed and evaluated from a licensing perspective.
Basically, companies work with two lists here: the usage data and the license data. The comparison shows which persons can be assigned a lower license value on the basis of usage than with the pure evaluation of authorizations. The principle behind this is the same as for old contracts. However, companies do not now use the results to classify users directly.
Instead, they check precisely whether users who are assigned a higher-value license type under Star can also carry out their daily work with fewer permissions. IT managers can then reassess the authorizations for this user group and adjust or even remove authorizations that are no longer required without restricting their ability to work.
Ultimately, with any type of optimization, it is important to clarify how current roles and authorizations map actual usage in order to be able to carry out rightsizing. A deep, detailed insight into the use of SAP installations is crucial for this. The data required to understand this is generally available. However, manually consolidating the data is laborious, time-consuming and error-prone. Automated management platforms are therefore indispensable - regardless of which form of optimization companies ultimately choose. They measure the transaction activity of each user across all systems, provide an accurate picture of actual SAP usage and help to prevent compliance violations, over-licensing and thus cost explosions.