Most SAP enterprise customers run multiple SAP systems — ERP, BW, SCM, CRM, SRM — and the same user often has accounts across several of them. Without consolidation, each system's USMM measurement would count that user independently, resulting in massive overcounting at the licence declaration level. LAW exists to solve this problem: it consolidates measurement data from all your SAP systems, de-duplicates users who appear in multiple systems, and produces a single aggregate ELP (Effective License Position).
The challenge is that LAW's de-duplication and consolidation logic introduces its own problems. Configuration errors in LAW can cause the opposite of what it's designed to do — double-counting users across systems, applying the wrong licence type mapping, or failing to recognise that two user records belong to the same physical person. When SAP's audit team runs LAW, these errors consistently inflate the final compliance gap.
This guide explains exactly how LAW works technically, where it goes wrong, and how to challenge LAW output in an SAP audit defence scenario. For an understanding of the USMM measurements that feed into LAW, see our companion SAP USMM measurement guide.
Received an SAP Audit Letter?
Our team treats audit enquiries as priority — we respond within 4 business hours and can engage within 48 hours of instruction. The first 72 hours of an SAP audit define the outcome.
Get Emergency Triage → Download the Free SAP Audit Guide →What Is SAP LAW and How Does It Fit Into the Measurement Process?
The License Administration Workbench (LAW, transaction code: LAW2, or the older SLAW in some older SAP versions) is an ABAP-based application that runs within a designated central SAP system — typically the Solution Manager landscape or an ERP system designated as the consolidation hub. It receives XML-format measurement files exported from each satellite system's USMM run and consolidates them into a single aggregate position.
The measurement process follows a specific sequence:
Individual System USMM Runs
Each SAP system in scope runs USMM independently to produce a local licence measurement. The output includes user counts by licence type, engine metrics, and (if applicable) Digital Access document counts for that specific system.
XML Export from Each System
USMM exports a structured XML file containing the measurement results. This file is either transferred directly to the LAW system or uploaded manually by the customer's Basis team. The accuracy of this transfer is critical — file handling errors can corrupt measurement data.
LAW Import and System Configuration
LAW imports each system's XML file and maps the system to the customer's SAP contract structure. Each system must be correctly assigned to the appropriate licence agreement — a misconfigured system assignment can cause results to be excluded or incorrectly consolidated.
User De-duplication Across Systems
LAW attempts to identify users who appear in multiple systems as the same physical person. It uses the SAP User ID (SID) as the primary matching key, with secondary matching possible via email address or other identifier fields. Users successfully de-duplicated are counted only once at the highest licence type held across all systems.
ELP Generation and Submission
LAW generates the consolidated ELP (Effective License Position), which is then exported as the official Annual Licence Declaration file for submission to SAP via the SAP for Me portal or direct to SAP's GLA (Global Licence Auditing) team during an audit.
Is Your LAW Configuration Inflating Your Compliance Gap?
Our SAP licence compliance team audits LAW configurations, identifies consolidation errors, and rebuilds your ELP on defensible foundations. Book a free consultation to assess your LAW risk.
Where LAW Goes Wrong — The Four Critical Error Types
LAW's consolidation logic has well-documented failure modes that consistently inflate ELP figures. These are not SAP bugs — they are configuration and data quality issues that SAP's auditors rely on remaining unchallenged:
De-duplication Failure
LAW's primary de-duplication mechanism uses SAP User IDs. If the same physical user has different User IDs across different SAP systems — common in organisations that grew through acquisition or used non-standard ID conventions — LAW treats them as separate users. A user with three SAP User IDs across three systems is counted as three users, potentially at Professional licence level each.
Licence Type Escalation
LAW assigns the highest licence type found across all systems for each de-duplicated user. If a user holds a Professional licence on one system (due to a legacy classification or a single transaction) and Employee licences on five others, LAW assigns Professional across all — regardless of whether the Professional classification on the first system was itself correct.
Wrong System Scope
If systems are incorrectly configured in LAW's system landscape — including development systems, QA environments, or decommissioned systems that were never removed from the LAW configuration — their user populations inflate the consolidated ELP. We have seen audit scenarios where test systems with hundreds of accounts added millions of pounds to the claimed gap.
Contract Assignment Errors
In organisations with multiple SAP contracts — subsidiaries, different geographic regions, or legacy agreements from M&A activity — LAW must correctly assign each system to the appropriate contract. Misassignment means users from one contract's entitlement pool are measured against another contract's licence bank, creating apparent gaps in both.
Each of these errors individually can inflate your compliance gap by 10–20%. In combination — which is common in large enterprise landscapes — they can triple the apparent gap. SAP's auditors are aware of these failure modes. They do not volunteer corrections. That responsibility falls to you or your independent adviser.
How to Challenge SAP LAW Output in an Audit
A LAW challenge is a structured, evidence-based process. Unlike USMM where data preparation happens before measurement, LAW challenges typically happen after SAP has produced their ELP and presented it as the compliance gap you need to address. The process follows this sequence:
| Challenge Type | What to Request from SAP | What You Are Looking For |
|---|---|---|
| System Landscape | Full list of systems included in the LAW run, including SIDs, system descriptions, and assigned contracts | Test/dev/QA systems incorrectly included; decommissioned systems still in scope; systems assigned to wrong contract |
| De-duplication Config | The de-duplication methodology used — which fields were matched, whether secondary identifiers (email, employee ID) were applied | Users not matched due to different User IDs across systems; same person counted multiple times across different system SIDs |
| Licence Type Mapping | The licence type mapping tables used in LAW — which USMM user types were mapped to which contractual licence categories | Mapping tables that are not aligned with your specific contractual licence definitions; custom licence types not correctly handled |
| Raw Data Validation | The individual system USMM XML files that were imported into LAW | Discrepancies between the per-system USMM output and what LAW shows for that system — indicating import or processing errors |
SAP's auditors will often resist providing the full LAW configuration documentation, citing commercial confidentiality or audit process restrictions. Your contract provides the right to understand the measurement methodology. If SAP refuses to provide the configuration, document the refusal formally — it weakens their ability to enforce the gap claim without independent verification.
SAP LAW vs. Third-Party SAM Tools
Enterprise organisations increasingly use third-party Software Asset Management (SAM) tools — Snow Software, Flexera, VOQUZ LicenseControl, and USU Software — to manage SAP licence positions independently of SAP's own measurement infrastructure. These tools offer advantages in de-duplication logic, cross-system user matching, and real-time licence tracking that LAW does not provide.
When a SAM tool produces a materially different ELP from SAP's LAW output, the discrepancy is your evidence basis for a challenge. Third-party tools with traceable, documented methodologies are highly effective as counter-evidence in audit negotiations. SAP cannot easily dismiss a professionally configured Snow or Flexera measurement that shows 30% fewer users than LAW produced.
Our SAP licence optimisation service includes SAM tool configuration and ongoing measurement management — ensuring you always have an independent, defensible view of your licence position before SAP's next audit cycle begins.
LAW in Complex Multi-System Landscapes
The complexity of LAW challenges scales directly with the complexity of your SAP landscape. Organisations with 50+ SAP systems — common in global enterprises and those that have grown through acquisition — face a compounding problem: each additional system is another potential source of LAW configuration error, and de-duplication failures multiply with every system added to the scope.
Post-merger and acquisition scenarios are particularly hazardous. When an acquired company's SAP systems are brought into scope for the combined entity's LAW measurement, the following errors are almost guaranteed if the configuration is not carefully managed: the acquired company's systems may have different User ID conventions, different licence type classifications, different system client configurations, and potentially different SAP contracts. Without a dedicated LAW reconciliation project at the time of the integration, each of these misalignments will amplify the compliance gap at the next measurement cycle.
If your organisation has undergone M&A activity in the last 24 months, or is planning an S/4HANA migration that involves system consolidation, a LAW configuration review is essential before the next annual measurement. The cost of remediation before measurement is a fraction of the back-licence claims that misconfiguration generates.
Practical Actions: What to Do Before Your Next LAW Submission
Whether you are preparing for an upcoming annual declaration or facing an active audit, these are the highest-priority actions to protect your LAW-based ELP:
- Audit your system landscape in LAW: Review every system currently in LAW scope. Remove decommissioned systems, test systems, and sandbox instances. Verify that production systems are correctly assigned to the right SAP contract.
- Implement a User ID governance policy: Establish a consistent User ID convention across all SAP systems — typically using a corporate email address or employee ID as the SAP User ID. This dramatically improves de-duplication accuracy in future LAW runs.
- Test secondary identifier matching: Configure LAW to use email addresses or HR employee IDs as secondary matching keys for de-duplication. The improvement in user consolidation can be significant in organisations with heterogeneous ID conventions.
- Cross-reference your LAW output against HR data: Compare the consolidated user list from LAW against current HR employee records. Users who have left the organisation, transferred to different entities, or changed roles should be identified and the underlying USMM data corrected at source.
- Engage independent LAW review: Have an independent adviser review your LAW configuration, mapping tables, and system landscape assignments before the next measurement cycle. The cost of a review is consistently recovered through measurement accuracy improvements.
Independent LAW Review: Protect Your Licence Position
Our SAP audit defence team includes former SAP measurement specialists who know every LAW configuration failure mode — and how to fix them. We have recovered millions in inflated ELP claims through targeted LAW challenges. Book your free consultation today.
Independent SAP Audit Defence
We have resolved over $200M in SAP audit exposure. If you are facing an active audit, a compliance claim, or want to understand your exposure before SAP comes calling, our SAP audit defence service is the fastest path to a defensible position.
Book a Free Audit Triage Call →