System copies, test environments, and user classification decisions made by IT teams create the compliance exposure that SAP auditors exploit. This is the technical leader's guide to understanding and controlling your SAP licence compliance position before SAP does it for you.
SAP's licensing model distinguishes between production and non-production systems — but the classification rules are far more specific than most IT teams realise. Misclassifying a system, even unintentionally, can create a back-licence exposure that SAP will identify during an audit measurement.
In SAP's licensing framework, a production system is any system where live business transactions are processed — regardless of what your IT team calls it. This includes:
SAP's standard licence agreement ties named user counts to the production system landscape. Any system that touches live data may be counted.
SAP's licence agreement typically permits a limited number of non-production systems for development, testing, and training at no additional named user licence cost — subject to strict conditions:
The last point catches most organisations. Non-production systems do not give you additional user capacity — the same users must be licensed in production.
Many IT teams create sandbox or training environments using a system copy of production, then give access to users who are not in the production licence count — typically for onboarding, testing, or temporary project access. SAP will count these users as requiring licences. If your training or sandbox system has 200 users and your production count covers 150, you have a 50-user shortfall that becomes an audit finding. Get this reviewed as part of your licence compliance assessment.
SAP's named user licence types are based on what a user can do, not what they typically do. IT teams that assign lower licence types to reduce cost — or inherit configurations from a previous team — are the most common source of user type audit findings.
Developers with access to SE80, ABAP workbench, transport management, or any Basis administration function typically require a Professional User licence — the highest tier. IT teams frequently assign Developer User licences (a separate SKU), which is often insufficient for users who also perform configuration or system administration tasks.
The measurement: SUIM and USMM will identify authorisation objects associated with development activities. If a user has S_DEVELOP at a level that permits modification, SAP will classify them accordingly.
System administrators performing Basis activities — transport management, user administration, system monitoring via SM50/SM66, profile maintenance — typically require Professional User licences. Assigning them Limited Professional or Employee type licences because "they don't do business transactions" is a common miscalculation.
SAP's measurement tools identify the authorisation profiles assigned, not the tasks actually performed. Broad Basis profiles almost always trigger Professional User classification regardless of actual usage patterns.
Automated test users, integration users for middleware systems, and service accounts used by third-party tools connected via RFC or BAPI are frequently left unclassified or assigned minimal licence types. SAP's position is that any system user accessing the SAP application layer requires a named user licence unless covered under the Digital Access model.
Review all technical users and RFC connections as a priority before any SAP measurement exercise.
When non-SAP systems connect to SAP — whether via RFC, BAPI, OData APIs, IDocs, or flat-file interfaces — the licensing question is not whether a human user is involved but whether SAP data is being read or written. IT teams managing integration architecture carry direct responsibility for indirect access exposure.
Any third-party system that reads or writes SAP data through the application layer — not via direct database access — may trigger named user licence requirements or Digital Access document charges. The most common triggers IT teams encounter:
SAP's Digital Access licensing model (introduced formally in 2018) converts indirect access from named user exposure to document-based pricing. Instead of counting the users behind a third-party system, SAP counts the number of specific document types created — purchase orders, sales orders, goods receipts, journal entries, and five others.
For IT architects, the implication is significant: every integration that creates one of the nine document types in SAP is potentially billable. The volume can be very high in high-throughput environments.
Our Digital Access guide explains exactly which document types are charged, how to measure your exposure, and how to negotiate Digital Access into your contract structure.
Review Your Integration Risk →SAP uses two primary tools to measure your licence position: the User and System Measurement (USMM) and the License Administration Workbench (LAW). Understanding what these tools measure — and how to influence the output — is one of the most valuable capabilities an IT Director can develop. Our USMM guide covers this in depth.
Before any measurement, export your complete user list from SU01 and cross-reference against your contractual named user entitlements. Identify users who haven't logged in for 90+ days — these can often be locked or deleted to reduce the live user count. SAP counts valid users, not just active ones, so locked users typically do not count. Document your methodology.
USMM classifies users based on their authorisation profiles, not their actual logged transactions. If a user has a composite profile that includes development or administrative authorisation objects, USMM will classify them at the highest matching licence type. Run a pre-measurement classification report and remediate misassigned profiles before the formal measurement window.
Ensure every system in your landscape is correctly classified in the System Landscape Directory (SLD) and in LAW before measurement. Production, development, test, and quality systems must be accurately tagged. If SAP disputes a system's classification during audit, you need written documentation of your rationale — ideally contemporaneous with the system's creation.
Running your own USMM measurement 3–6 months before the annual licence review gives you time to remediate findings on your terms. You can lock inactive users, adjust profiles, and address integration exposure without the pressure of a live SAP audit. If the self-assessment reveals a material shortfall, it also gives you time to engage commercial teams and consider remediation options rather than receiving a back-licence demand. Our team can help with a licence optimisation review before your next measurement cycle.
SAP migrations — whether to S/4HANA on-premise, SAP Cloud ERP Private (formerly RISE), or GROW with SAP — create a unique licensing window. Decisions made during migration planning define your licence position for the next 5–10 years. IT Directors involved in migration architecture need to understand the commercial implications alongside the technical ones.
S/4HANA changes the licensing model in several ways that affect IT architecture:
Our S/4HANA migration licensing advisory ensures your migration is commercially structured before you sign.
RISE with SAP (now Cloud ERP Private) shifts infrastructure responsibility to SAP but creates new licence complexity for IT teams:
Review our RISE with SAP advisory to understand the technical and commercial trade-offs.
What the User and System Measurement tool measures and how to prepare your landscape for accurate results.
The License Administration Workbench explained: consolidation reports, system classification, and what auditors look for.
Dev, test, QA, and production rules explained — including what SAP counts and where refreshes create risk.
We work with IT Directors to identify and remediate SAP licence exposure before the audit letter arrives. Our technical landscape reviews cover system classification, user type analysis, integration mapping, and USMM preparation — giving you a defensible position before SAP's measurement window opens.