Key Takeaways

  • USMM is not neutral. It is configured by SAP to maximise user counts and apply the highest available licence type to ambiguous activity.
  • LAW consolidation is where the real exposure lies. Cross-system deduplication errors and system-scope decisions directly inflate your Effective Licence Position.
  • STAR measurements are increasingly used in hybrid landscapes. Cloud workload classification under STAR can create backdated exposure across multiple contract periods.
  • Every tool output is contestable. USMM, LAW, and STAR all produce data that can be challenged on technical, contractual, and classification grounds.
  • Independent measurement before SAP runs its tools is the strongest defence. Enterprises that prepare their own position before the audit window have consistently better outcomes.
  • SAP audit letter timing controls the audit scope. Understanding how to respond in the first 48 hours can limit what data SAP is entitled to access.

When SAP initiates a licence audit, it does not arrive with a subjective opinion. It arrives with instruments — USMM, LAW, and STAR — that produce data that is then used to construct an Effective Licence Position (ELP). That ELP becomes the basis for every commercial negotiation that follows. Enterprises that do not understand how these tools work, what they measure, and where their outputs can be contested, are negotiating blind.

This guide is the definitive enterprise reference for SAP USMM and LAW tools in 2026. It covers what each tool measures, how the outputs are used, the systematic biases built into each measurement methodology, and the practical steps enterprises can take before, during, and after a measurement run to protect their position. Whether you are managing an active audit or preparing for one, this is the analytical foundation you need.

1. What Is SAP USMM and Why It Matters

USMM stands for User and System Measurement Manager. It is an ABAP-based report that runs within an SAP system — typically transaction USMM — and produces a snapshot of user activity and system utilisation. SAP uses this snapshot to determine how many users of each licence type are active in the system and compares that count against what is contractually licensed.

USMM has been the primary SAP measurement instrument for on-premise and hybrid landscapes for over two decades. Despite its age, it remains central to virtually every SAP audit conducted globally. Its output — the system measurement file — is the single most consequential document in any SAP audit process.

Expert Perspective

USMM was designed by SAP and configured according to SAP's interests. The tool applies maximum licence type classification in cases of ambiguity, counts users who have never logged in, and includes role assignments rather than actual activity as the primary classification criterion in many configurations. It is not an independent tool. It is SAP's measurement instrument, and it should be treated as such.

Understanding USMM requires understanding what it measures and — critically — what it does not measure. USMM counts user accounts that have been assigned transaction codes, roles, or authorisations associated with a given licence type. It does not, in standard configuration, distinguish between users who perform those transactions daily and users who were assigned the role years ago and have never used it. That distinction — between role assignment and actual productive use — is one of the most significant sources of inflated ELP findings in enterprise audits.

The USMM Measurement File

When USMM runs, it produces a measurement file in a standardised XML format that can be uploaded to the SAP Service Marketplace or transmitted directly to SAP during an audit. This file contains user counts broken down by licence type, module usage statistics, and system landscape information. SAP's audit team uses this file as the input for their ELP calculation.

The measurement file itself is not a simple count. It is a structured dataset that reflects dozens of configuration decisions about how users are classified, which systems are in scope, and how activity is attributed. Each of those decisions can be contested, and in our experience supporting enterprises through SAP audit defence, a significant proportion of them contain errors or use assumptions that favour SAP rather than the customer.

2. What Is the SAP LAW Report and How It Is Used

LAW stands for Licence Administration Workbench. While USMM operates at the individual system level, LAW is the tool used to consolidate measurement data from across an enterprise's entire SAP landscape — multiple ERP systems, HR systems, CRM systems, and any other SAP components in scope — into a single, consolidated user count.

LAW runs on a dedicated SAP system (or can be configured within an existing system) and imports measurement files from all systems in scope. It then applies deduplication logic to identify users who appear across multiple systems, and produces a consolidated licence position that eliminates double-counting of users who have legitimate access to more than one system.

In theory, LAW deduplication should reduce the total licence count by collapsing multi-system users into a single count. In practice, the LAW report is one of the most contested documents in any complex SAP audit, for several reasons.

Why LAW Deduplication Creates Disputes

LAW deduplication uses User IDs as the primary matching key. This works reliably in landscapes where user IDs are consistently maintained across all systems. However, in the real enterprise environments we work with — which typically feature decades of system evolution, multiple acquisitions, and inconsistent HR master data governance — user IDs are frequently not consistent across systems.

  • Name-format mismatches mean the same physical person appears under different user IDs (e.g., "jsmith" in ERP and "john.smith" in SRM), and LAW fails to deduplicate them.
  • Legacy user ID structures from acquired entities often use entirely different naming conventions, creating entire populations that appear as unique users in the consolidated count.
  • Email address deduplication is available in some LAW configurations but is not always enabled, missing an alternative matching opportunity.
  • System scope decisions — which systems are included or excluded from the LAW consolidation — directly affect the final count and are sometimes determined unilaterally by SAP's audit team.

Common LAW Trap

SAP's audit team will often run the LAW consolidation themselves and present the output as a definitive count. Enterprises that accept this output without independent verification are almost always accepting a figure that has been inflated by deduplication failures. We have seen LAW consolidations that overcounted licensed users by 20–40% due to unresolved ID mismatches that were entirely correctable with access to HR master data.
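
The deduplication gap described above can be quantified independently. The following is an added example, not part of the original guide and not SAP's LAW logic: it consolidates constructed per-system user exports first by user ID alone, then with email and an HR personnel number as additional matching keys. All records, field names and system names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample exports (invented users; field names are assumptions).
SAMPLE_USERS = [
    {"system": "ERP", "user_id": "jsmith", "email": "John.Smith@example.com", "personnel_no": "10001"},
    {"system": "SRM", "user_id": "john.smith", "email": "john.smith@example.com", "personnel_no": "10001"},
    {"system": "ERP", "user_id": "mgarcia", "email": "m.garcia@example.com", "personnel_no": "10002"},
    {"system": "CRM", "user_id": "mgarcia", "email": "m.garcia@example.com", "personnel_no": "10002"},
    # Acquired entity with a legacy ID scheme and no email maintained.
    {"system": "ACQ", "user_id": "U004711", "email": "", "personnel_no": "10003"},
    {"system": "ERP", "user_id": "awong", "email": "a.wong@example.com", "personnel_no": "10003"},
    # Service account: same ID in two systems, no person behind it.
    {"system": "ERP", "user_id": "batch_ifc", "email": "", "personnel_no": ""},
    {"system": "SRM", "user_id": "batch_ifc", "email": "", "personnel_no": ""},
]


def consolidate(records, keys=("user_id",)):
    """Group records that share a non-blank value on any of the given keys.

    Matching is transitive (union-find), so A=B on email and B=C on
    personnel number puts A, B and C in one group.
    """
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    first_seen = {}
    for idx, rec in enumerate(records):
        for key in keys:
            value = rec.get(key, "").strip().lower()
            if not value:
                continue  # a blank field must never match another blank field
            token = (key, value)
            if token in first_seen:
                parent[find(idx)] = find(first_seen[token])
            else:
                first_seen[token] = idx

    groups = defaultdict(list)
    for idx, rec in enumerate(records):
        groups[find(idx)].append(rec)
    return list(groups.values())


def missed_duplicates(records, extra_keys=("email", "personnel_no")):
    """Return groups that user-ID matching alone would count more than once.

    Each group is a candidate mapping that still needs confirmation against
    HR master data (a shared mailbox, for example, is not one person).
    """
    out = []
    for group in consolidate(records, ("user_id",) + tuple(extra_keys)):
        ids = {r["user_id"].strip().lower() for r in group}
        if len(ids) > 1:
            out.append(sorted(f'{r["system"]}:{r["user_id"]}' for r in group))
    return out


if __name__ == "__main__":
    for keys in (("user_id",), ("user_id", "email"), ("user_id", "email", "personnel_no")):
        print(keys, "->", len(consolidate(SAMPLE_USERS, keys)), "consolidated users")
    for group in missed_duplicates(SAMPLE_USERS):
        print("candidate mapping:", group)
```

The list returned by `missed_duplicates` is the starting point for a verified user ID mapping; it is evidence to be checked, not a final count.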

3. The USMM Measurement Methodology: Where Inflation Occurs

The single most important thing enterprises can understand about USMM is that the tool's classification logic is designed to assign the highest-value licence type consistent with any transaction or role assignment found in the system. This is not an accident — it is a deliberate configuration choice that systematically inflates licence counts.

Named User Licence Classification

SAP's licence types form a hierarchy, from the most expensive Professional User down through Limited Professional, Employee Self-Service, and various restricted-use licences. When USMM evaluates a user account, it looks at all the transaction codes and roles assigned to that user and applies the licence type corresponding to the highest-value transaction found. A user who has a Professional-level transaction assigned — even if they never use it — will be classified as a Professional User and counted at Professional User pricing.

This classification-by-assignment methodology is the primary driver of inflated ELP findings. Role proliferation — a common governance challenge in large SAP landscapes — means that many users carry role assignments that technically justify higher licence classifications even though their actual work patterns are far more restricted. The difference between what a user is assigned and what a user actually does is, in most enterprises, enormous.

Inactive User Inclusion

USMM's standard configuration counts user accounts that have not been locked or deleted, regardless of whether those users have logged in recently or at all. Users who have left the organisation but whose accounts were not promptly deactivated, contractors whose engagements ended without proper offboarding, and service accounts that were created for a project and never cleaned up — all appear in the USMM count.

Depending on the quality of user lifecycle governance, inactive user inflation can account for 10–30% of the total USMM count in enterprise landscapes that have operated for more than five years without a systematic cleanup. This is one of the most straightforward and defensible reductions available to enterprises facing an inflated ELP — but only if it is identified and documented before SAP finalises its position.
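
To see how classification by assignment and inactive user inclusion combine, the following added example (not from the original guide, and a simplified model rather than USMM's actual algorithm) counts the same constructed user population two ways and lists the accounts worth reviewing. The user records, the 365-day activity window and the reason codes are assumptions; only the three licence tier names come from the text above.

```python
from collections import Counter
from datetime import date

# Licence tiers named in the text, ordered low to high.
TIERS = ["Employee Self-Service", "Limited Professional", "Professional"]
RANK = {tier: i for i, tier in enumerate(TIERS)}

AS_OF = date(2026, 3, 1)  # constructed measurement date

# Constructed users: "assigned" = tiers implied by roles held,
# "used" = tiers implied by activity actually observed in the window.
USERS = [
    {"id": "u01", "locked": False, "last_logon": date(2026, 1, 20),
     "assigned": ["Professional", "Employee Self-Service"], "used": ["Employee Self-Service"]},
    {"id": "u02", "locked": False, "last_logon": date(2026, 2, 2),
     "assigned": ["Professional"], "used": ["Professional"]},
    {"id": "u03", "locked": False, "last_logon": None,            # never logged in
     "assigned": ["Limited Professional"], "used": []},
    {"id": "u04", "locked": False, "last_logon": date(2024, 6, 1),  # leaver, not offboarded
     "assigned": ["Professional"], "used": []},
    {"id": "u05", "locked": True, "last_logon": date(2023, 1, 1),   # locked: not counted
     "assigned": ["Professional"], "used": []},
    {"id": "u06", "locked": False, "last_logon": date(2026, 2, 10),
     "assigned": ["Limited Professional", "Employee Self-Service"], "used": ["Limited Professional"]},
]


def highest(tiers):
    """Highest-ranked tier in the list, or None if the list is empty."""
    return max(tiers, key=RANK.__getitem__) if tiers else None


def is_active(user, as_of, window_days):
    last = user["last_logon"]
    return last is not None and (as_of - last).days <= window_days


def count_by_assignment(users):
    """Every unlocked account counts at the highest tier it is assigned."""
    return Counter(highest(u["assigned"]) for u in users
                   if not u["locked"] and u["assigned"])


def count_by_use(users, as_of, window_days=365):
    """Only accounts active in the window count, at the highest tier used."""
    return Counter(highest(u["used"]) for u in users
                   if not u["locked"] and u["used"] and is_active(u, as_of, window_days))


def review_candidates(users, as_of, window_days=365):
    """Map user id -> reason the account inflates the assignment-based count."""
    out = {}
    for u in users:
        if u["locked"]:
            continue
        if u["last_logon"] is None:
            out[u["id"]] = "never-logged-on"
        elif not is_active(u, as_of, window_days):
            out[u["id"]] = "stale"
        elif RANK.get(highest(u["used"]), -1) < RANK.get(highest(u["assigned"]), -1):
            out[u["id"]] = "over-assigned"
    return out


if __name__ == "__main__":
    print("by assignment:", dict(count_by_assignment(USERS)))
    print("by use:       ", dict(count_by_use(USERS, AS_OF)))
    print("review:       ", review_candidates(USERS, AS_OF))
```

The use-based count is not a licence position; it identifies which accounts to lock and which role assignments to rationalise, with the reason recorded for each.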

4. SAP STAR: The Measurement Tool for Modern Landscapes

The SAP STAR (System Transactions Activity Report) is a measurement instrument developed for cloud, S/4HANA, and hybrid landscapes where the traditional USMM model — which is focused on named users in on-premise ABAP systems — does not capture the full picture of system usage.

STAR collects application usage data at a transactional level, logging which users perform which functions within an SAP application during a defined measurement period. This creates a usage-based dataset that SAP can then apply its licence engine to, classifying users based on the most advanced function they performed during the measurement window rather than the most advanced function they could theoretically perform based on their role assignments.

STAR and the 12-Month Measurement Window

One of the most significant enterprise risks associated with STAR measurements is the rolling 12-month measurement window. When SAP runs a STAR measurement as part of an audit, it typically requests activity data for the preceding 12 months. Users who performed a high-value function once during that period — perhaps to cover for a colleague who was absent, or during a project that has since concluded — may be classified at the higher licence level for the full period.

This creates a substantial exposure in project-heavy organisations and in environments where cross-functional cover is common. A finance user who accessed a procurement transaction once during a peak period may be classified as requiring a more expensive licence, even though the underlying activity was entirely incidental to their normal role. Understanding the STAR measurement methodology in detail is essential for any enterprise running S/4HANA in a hybrid or cloud environment.

5. How SAP Constructs the Effective Licence Position from Tool Outputs

The Effective Licence Position (ELP) is the document that SAP presents as the result of an audit. It is a comparison between the number of users of each licence type that SAP's tools have measured, and the number of users of each licence type that the enterprise has contracted and paid for. The gap between these two figures is the alleged shortfall — what SAP claims the enterprise owes in additional licence fees.

Understanding how the ELP is constructed from USMM, LAW, and STAR outputs is essential to understanding how to contest it effectively. The ELP is not a single calculation — it is the product of a chain of decisions, each of which has a commercial consequence, and each of which can be reviewed and challenged.

The ELP Construction Chain

At each stage in the measurement-to-ELP chain, decisions are made that affect the final number:

  • System scope selection — which systems are included in the measurement. Including legacy systems, test environments, or recently divested entities inflates the count. The contract scope governs which systems are legitimately in scope.
  • USMM configuration parameters — how the tool is configured to classify users. Default SAP configuration is not the only valid configuration, and it is not always the contractually correct one.
  • LAW deduplication logic — which matching criteria are applied. Poor deduplication amplifies multi-system users rather than collapsing them.
  • Licence type mapping — which transaction codes and roles map to which licence types. SAP's classification tables are updated periodically and are not always applied consistently across audit teams.
  • Backdated pricing application — whether shortfalls are priced at current list rates or at the rates applicable in the period when the gap allegedly arose. Applying 2026 list prices to historical gaps is commercially aggressive and contractually questionable.

Key Principle

Every decision in the ELP construction chain favours SAP unless the enterprise actively reviews and challenges it. Our work across hundreds of SAP audits shows that a well-prepared enterprise can typically reduce the initial ELP claim by 30–60% through systematic review of measurement methodology, deduplication quality, licence classification accuracy, and system scope. None of this requires litigation — it requires preparation and forensic analysis.

6. Building Your Defence Before SAP Runs the Measurement Tools

The most effective time to influence an SAP audit outcome is before the measurement tools are run. Once SAP has its USMM and LAW outputs and has constructed an ELP, the enterprise is in a reactive position. Every point of reduction must be argued against a number SAP has already built its commercial position around. The enterprise that prepares its own independent measurement before the audit window is in a fundamentally different negotiating position.

Independent Pre-Audit Measurement

The most important preparation step is running your own USMM measurement before SAP does. Transaction USMM is available in every SAP system, and a competent SAP Basis team can run it and produce a measurement file that the enterprise can analyse before transmitting anything to SAP. This gives you visibility of what SAP will see and allows you to identify and correct issues before they appear in SAP's ELP.

Key activities in an independent pre-audit measurement, covered in our detailed guide to preparing your systems before SAP runs USMM, include:

  • User account cleanup — locking or deleting inactive users, terminated employees, and legacy service accounts before the measurement date.
  • Role rationalisation — reviewing users with elevated role assignments and whether those assignments reflect actual job requirements.
  • Transaction code audit — identifying users who carry access to high-value transactions that they do not actually use, and whether those assignments can be removed before measurement.
  • LAW scope review — confirming which systems should be in scope under the contract and building a defensible argument for excluding any that are not.
  • Custom development review — assessing whether any custom Z-transactions create indirect access exposure under the SAP Digital Access model.

Contractual Scope Analysis

The measurement tools produce data from your systems. But which data is relevant to your licence obligation is determined by your contract, not by SAP's audit team. Before any measurement is shared with SAP, the enterprise should complete a thorough review of the underlying licence agreement to confirm system scope, permitted use restrictions, licence type definitions, and measurement methodology obligations. Many enterprises discover that their contracts contain provisions that limit SAP's measurement rights or entitle the enterprise to contest specific classification decisions — provisions that are entirely ignored if the enterprise simply accepts SAP's USMM output as presented.

Our comprehensive SAP Audit Defence Guide covers the contractual analysis process in full, including the specific contract clauses most likely to constrain SAP's measurement methodology.

7. Contesting USMM and LAW Outputs: Practical Methodology

When SAP presents its ELP following a measurement run, the enterprise has the right — and in most cases the commercial necessity — to contest the methodology and outputs. The key is to contest systematically rather than reactively, working through each component of the measurement chain with documented evidence.

Technical Challenges to USMM Output

Technical challenges focus on the accuracy of the data within the USMM measurement file:

  • Inactive user challenges — providing documentation that specific users were no longer active (terminated, on extended leave, system account) during the measurement period.
  • Role assignment disputes — demonstrating that certain role assignments were administrative artifacts rather than productive assignments, using HR records, system activity logs, or IT change management records as evidence.
  • Classification disputes — arguing that specific transaction codes or roles should not trigger the licence classification SAP has applied, referencing the licence metric appendix of the contract and any available SAP Notes that define classification rules.
  • Measurement configuration disputes — challenging whether USMM was configured in accordance with the contractually required methodology, including any specific measurement parameters set out in the licence agreement.

LAW Deduplication Challenges

LAW challenges focus on the quality of cross-system deduplication:

  • User ID mapping corrections — providing a verified mapping of user IDs across systems that demonstrates users counted multiple times are in fact the same individual.
  • System scope exclusions — arguing that specific systems included in the LAW consolidation are outside the contractual measurement scope.
  • Acquired entity exclusions — demonstrating that systems from recently acquired entities are outside the audit scope under the contract or have separate licensing arrangements.

Engaging Independent SAP Audit Defence Expertise

Contesting USMM and LAW outputs effectively requires a combination of technical SAP system expertise, contractual analysis capability, and commercial negotiation skill. Very few in-house IT or legal teams have all three, and the gap is exploited systematically by SAP's audit organisation — which deploys experienced professionals who understand exactly how to construct and defend an ELP.

Enterprises that engage independent SAP licensing specialists before accepting SAP's measurement outputs consistently achieve better outcomes than those that attempt to contest the ELP internally after it has been delivered. The asymmetry of expertise and preparation is the primary driver of SAP audit settlement amounts.

8. USMM, LAW, and STAR in Evolving Landscapes: S/4HANA and Cloud

The migration of enterprise SAP landscapes to S/4HANA and to cloud-based deployment models is creating new measurement challenges that the traditional USMM and LAW framework was not designed to address. Understanding how measurement works in these evolving environments is increasingly important for any enterprise managing a transformation programme alongside its compliance obligations.

S/4HANA and the New Licence Model

S/4HANA introduces a significantly simplified licence model based on three primary user types: Professional, Functional, and Productivity. The classification criteria for these user types differ from the classic ERP licence hierarchy, and the measurement tools have been updated to reflect this. However, migration from ECC to S/4HANA during the 2025–2027 transition window creates a period of dual measurement complexity where the enterprise may be simultaneously managing legacy ECC licences and new S/4HANA entitlements.

During this period, the interaction between USMM outputs from legacy systems and STAR outputs from S/4HANA, combined with LAW consolidation across a mixed landscape, creates a measurement environment of exceptional complexity — and exceptional audit risk. Enterprises undertaking S/4HANA migration should ensure that their licensing strategy explicitly addresses measurement methodology during the transition period. Our S/4HANA Migration Licensing advisory service addresses this challenge directly.

RISE with SAP and Contractual Measurement Obligations

The RISE with SAP model — SAP's cloud-based transformation offering — introduces contractual complexity around measurement that is distinct from traditional on-premise licence agreements. RISE contracts often include different measurement obligations, different audit rights clauses, and different definitions of what constitutes licensed activity. Enterprises moving to RISE need to ensure that their understanding of USMM, LAW, and STAR measurement obligations under the new contract is explicit before migration, not discovered during the first RISE contract compliance review.

9. Where USMM and LAW Fit in the SAP Audit Timeline

Understanding the sequence of events in a standard SAP audit — and where the measurement tool runs sit within that sequence — is important for planning your response at each stage. The measurement tools are not the first event in an audit; they are part of a structured process that began the moment SAP's audit letter was received.

The standard SAP audit process includes an initial letter, a system access request, a measurement run, an ELP delivery, a settlement discussion, and typically a final commercial negotiation. Our detailed analysis of the complete SAP audit process maps each stage and identifies the key intervention points for enterprise defence teams.

Within this timeline, the measurement run — the point at which USMM and LAW are executed — is typically eight to twelve weeks into the formal audit process. The preparation work described in this guide ideally happens before the audit letter arrives, but can also be compressed into the period between receiving the letter and SAP's first system access request. Enterprises that understand what triggers an SAP audit and how to respond are in the best position to maximise that preparation window.

10. Understanding SAP's Contractual Measurement Rights

SAP's right to conduct measurements using USMM, LAW, and STAR is derived from contractual provisions — typically the audit rights clause of the licence agreement and the measurement methodology provisions of the licence metric appendix. Understanding the scope and limits of these rights is fundamental to managing an audit effectively.

Frequency and Notice Provisions

Most SAP licence agreements contain provisions that limit how frequently SAP can conduct audits (typically once per year) and require minimum notice periods (typically 30 to 60 days). These provisions are contractual rights of the enterprise and should be asserted. SAP's commercial audit team will not volunteer the information that they are limited by contractual notice requirements — the enterprise must identify and enforce these limitations itself.

System Access Scope

SAP's audit rights typically extend to measurement of the systems within the scope of the licence agreement. Systems outside the licence scope — including development environments, test systems (unless specifically included), and systems acquired after the licence effective date — may not be within the contractual audit scope. The enterprise should review the system scope provisions of its contract before granting SAP access to run measurement tools on any system.

Preparation Checklist Summary

Before SAP runs any measurement tool: (1) Review your licence agreement for audit rights limitations and system scope. (2) Run your own USMM on all in-scope systems and analyse the output. (3) Complete an inactive user cleanup and role rationalisation. (4) Build a LAW consolidation and verify deduplication quality. (5) Identify any STAR exposure from S/4HANA or cloud systems. (6) Engage independent SAP licensing expertise if your initial analysis reveals significant exposure.

11. Summary: Treating USMM and LAW as Contested Evidence, Not Fact

The most important shift in perspective that enterprise SAP teams can make is to stop treating USMM, LAW, and STAR outputs as authoritative facts and start treating them as contested evidence. These tools produce data. How that data is interpreted, classified, and priced to produce an ELP involves dozens of decisions — and enterprises have the right to scrutinise every one of them.

SAP's audit organisation is professional, experienced, and commercially motivated. It uses these tools effectively on its own behalf. Enterprises that understand how the tools work, where the systematic biases lie, and what challenges are available to them consistently achieve better audit outcomes than those that accept the measurement at face value.

The articles in this series go deeper on each component. Read about how SAP USMM works and what it actually measures, what auditors look for in the SAP LAW report, the complete STAR measurement tool guide, and how to prepare your systems before SAP runs USMM.

If you are managing an active SAP audit or preparing for one, contact us for an independent assessment. Our SAP audit defence service provides forensic analysis of measurement outputs, contractual review, and expert representation through the settlement process — entirely buyer-side, with no affiliation to SAP.
