Case Study - SAP Audit Defense

Australian Mining Group Defends Against SAP License Audit Claiming Excessive User Classifications

Industry: Mining | Country: Australia | Employees: 18,000

Challenge:

An Australian mining conglomerate with 18,000 employees was hit with an SAP license audit. The audit alleged that the company had far more high-level (expensive) SAP user licenses in use than were covered by its contract.

The audit report showed an “excessive number of users classified as top-tier (Professional) users,” implying major non-compliance.

This arose because SAP’s auditing tools count every active user account and take each user’s highest authorization level across all systems. Even if users have broad access in just one system, they get classified at the highest license tier across the board.

In the mining group’s case, many employees had been automatically assigned broad roles or left with default classifications, causing SAP’s tools to flag them as requiring Full Professional licenses (the most costly type).

Moreover, some old and inactive accounts were still technically “active” in the system, so the audit counted them. SAP claimed the company was under-licensed and owed significant fees for additional Professional user licenses.

Solution:

The mining group mounted a comprehensive license audit defense to challenge SAP’s findings and optimize their license usage. First, they reviewed all SAP user accounts and roles internally.

They identified numerous users who were misclassified at higher license levels than necessary. For example, many users with light or view-only usage had been lumped into the Professional category by default.

The IT team cleaned up user classifications across every SAP system, ensuring each account was assigned the appropriate license type based on actual usage. They also pinpointed hundreds of inactive or former employee accounts that had remained unlocked in SAP—these were promptly locked or removed so they would no longer count toward license totals.

A detailed role analysis was then conducted: the team scrutinized SAP role definitions to find cases where roles granted more access than users genuinely required.

By redesigning and narrowing roles (for instance, removing transaction codes and permissions that weren’t needed for a user’s job), the company could safely downgrade many users from the expensive “Professional” license to cheaper categories (such as “Limited Professional” or “Employee Self-Service”).

This role-based reclassification ensured that each user’s authorizations matched the least costly license necessary for their job duties.

The mining group also engaged a licensing advisor to validate their approach. It used SAP’s License Administration Workbench (LAW) tool in simulation mode to confirm that the new classifications would pass an audit.

Finally, they presented SAP auditors with a revised user license report, backed by usage data and corrected classifications, to dispute the original audit’s claims.

Results:

Through these efforts, the mining company dramatically reduced the number of users counted as top-tier licensees. By expiring unused accounts and reclassifying users to proper license types, they eliminated the vast majority of the supposed shortfall.

An internal analysis found that roughly a third of the users initially flagged as “Professional” could be downgraded or removed, reflecting how much excess was built up from years of over-classification.

After implementing the changes, the company’s license usage aligned with its entitlements, removing the need for a costly true-up purchase. When presented with the updated data, SAP’s audit team accepted the revised classifications. The group avoided what could have been a multi-million-dollar bill for additional licenses.

Beyond passing the audit, the company also established stronger governance for SAP license management: periodic internal license audits, strict processes to retire user accounts when employees leave, and ongoing role reviews to ensure users are never given more access than they need.

This case highlights how a proactive defense, cleansing inactive users and right-sizing user permissions, allowed the mining firm to defend against an aggressive SAP audit, stay compliant, and save enormously on unnecessary license costs.

Author
  • Fredrik Filipsson

    Fredrik Filipsson is a seasoned IT leader and recognized expert in enterprise software licensing and negotiation. With over 15 years of experience in SAP licensing, he has held senior roles at IBM, Oracle, and SAP. Fredrik brings deep expertise in optimizing complex licensing agreements, cost reduction, and vendor negotiations for global enterprises navigating digital transformation.
