Académique Documents
Professionnel Documents
Culture Documents
www.AuditBots.com
Page 1 of 14
Table of Contents
Simple Steps for SAP Risk Management and SAP License Optimization .......................................................... 3
License Optimization ............................................................................................................................................... 3
SAP License Model: Difference between Concurrent and Name users .............................................................. 4
Step 1: Understanding the SAP License Contract: ............................................................................................... 5
Simple tips and Best practices ............................................................................................................................... 8
Final Results Tabulation ......................................................................................................................................... 9
SAP License Optimization tool from AuditBot .................................................................................................... 11
AuditBot Data aggregation Process..................................................................................................................... 12
The Process for License optimization ................................................................................................................. 12
Key Benefits of License optimization: ................................................................................................................. 14
www.AuditBots.com.
Page 2 of 14
The maintenance cost annually for most SAP modules is approximately 22%.
Gartner has a benchmark of fair SAP license fees to be between $1400 and
$2000 per user
It can be difficult to find comprehensive documentation that gives an easy answer to this question.
www.AuditBots.com.
Page 3 of 14
Cost
Developer
High
Professional or Operational
High
This is concurrent users. This means, if you have 20 employees who might use the system, but only 9 at the
exact same time, you could buy 9 licenses as long as folks log out when they are done. There may be
processes in place not to allow more users to logon to the system. Which also means that you can have
many users but only the specific number of users will be able to logon to the system. You cannot have
more than 9 LOGGED ON at any one time. The 9 may or may not be actually doing anything actively,
but if they are LOGGED ON then generally they are IN the count of Concurrent for License management
purposes. Concurrent user model is preferred by some small customers as they feel they are getting a
little bonus by purchasing, say, 20 concurrent users, when they may have 40 people set up on the system.
Named Users licenses means if you have 20 employees who might use the system, you need to purchase
20 licenses regardless of how many are on at the same time. SAP licenses are name user licenses. That
means the users licenses are tied to the user id. Even if you have multiple systems you can have one user
id and you will be only counted once.
Companies don't like to pay for named users, because the odds are that once they get over 10,
someone is going to be out of the office, on vacation, sick, etc. on any given day, and that license will
not be used.
Usually vendors will charge a bit less for named licenses due to this.
SAP license model is named user license model, which mean each user id is counted. So you have to
carefully watch the number of license created in SAP system and user id created in non SAP systems
which are accessing the SAP systems. This is called indirect access.
Bottom line is number of Unique user ids created in SAP systems and non SAP systems (Accessing SAP
system)
www.AuditBots.com.
Page 4 of 14
Cost
Developer
High
Professional or Operational
High
Limited professional
Medium
Employee
Low
Count
This information can greatly help to access where you are and what you want to do. Without this
information it will tough to access your situation and identify the steps to follow to optimize your SAP
license.
Step
Description
Under
Stand
Transaction used
the
number
SAP
Off Line
License
SAP
Benefit
Complex
ity
Unser
Low
SAP
Proper
Low
License
License
License
Purchased
License
Responsi
ble
Person
Admin
Contract
Pick
www.AuditBots.com.
the
proper
Price list in
USMM
Page 5 of 14
USMM
Admin
Assigned
SAP
Get
SUIM
Low
Review
Security
informatio
Admin
on
actual list
check
of
if
you
have
User
Created
License count.
in
the
System
Organize
the User by
task
User Group
which
has
to
be
SAP
Easy
Security
assign
Admin
License
to
Medium
on
Medium
type
group
should
be
Locking
Locking
Inactive
Users
users
who
are
SUIM
SAP
Save
Security
SAP
Admin
License
Cost
SE16
ent
Market Place
License
SAP
SAP
Service
marketplace.
and
Service
SAP
Basis
Admin
Mistake
Medium
could be
Costly
www.AuditBots.com.
service
market.
This
Page 6 of 14
Then
number
review
of
entries
DEVACCESS
in
all
the
in
the
Development systems.
Preventing
Multi logon
RZ11
SAP
Basis
Admin
instance
via
Could
High
invite
penalty
profile
parameter
:login/disable_multi_gui_logi
n =1
Assigning
SAP
License
Type
to
Roles
LICENSE_ATTRIBUTES
SAP
Save you
Security
from
High
guessing
inherits
the
users
based
assigned
rather
roles
than
guessing.
Removing
PRGN_COMPRESS_TI
SAP
General
Duplicate
MES
Security
Cleanup
roles
SE37
SAP
Identify
Security
the
remove
duplicate
High
role
dates)
compression
of
i.e
duplicate
highest
end-date
n Usage
www.AuditBots.com.
data.
Using
High
Key
transactio
Page 7 of 14
Transaction
SE37
(ABAP
ns used
SAP
This could
System
License
cost
Access
SAP System.
Consultant
company
Non
SAP
Review
the
NON
SAP
Manual
High
the
surprise
fees if not
analyzed
You can also use the Cost center and Account Number field in SAP User master to
indicate a specific location and any additional information. This will help you charge
back the clients for the license used by specific division or subsidiary
Look at the service user type users in the systems that are mainly used for testing and
validation purposes. Too many service users could trigger a SAP audit.
When creating new users with the user maintenance transaction (SU01), you can enter
the measurement-relevant data immediately (choose the "License Data" button or tab
page).
www.AuditBots.com.
Page 8 of 14
Expected
Actual
number
of
Limited
Professional User
Total Number of Information User
or Employee
Total Number ECC or MSS Users
Display
Roles
End User
Roles
Support
Roles
Basis Roles
Update
Role
Risk
Maintain Client
Setting SCC4
Perform Import into
System STMS
Number of User with
SAP * Profiles
Create Users SU01
Mass Maintain Users
SU10
Maintain Table
SM30 and
www.AuditBots.com.
Page 9 of 14
S_TABU_CLI
Open and Close
Posting Periods
OB52
Process Payment
F110
Mass Change
Material Master
MM17
Sensitive
Transaction
End
User
Support
User
Basis User
Security
User
Display
User
Risk
Maintain Client
Setting SCC4
Perform Import into
System STMS
Number of User with
SAP * Profiles
Number of User with
SU01
Number of User with
SU10
Number of Users with
SM30 and
S_TABU_CLI
Open and Close
Posting Periods OB52
Process Payment
F110
Mass Change
Material Master
MM17
www.AuditBots.com.
Page 10 of 14
www.AuditBots.com.
Page 11 of 14
Data Aggregation: relevant usage and logon data is being aggregated across all connected SAP
systems.
Data Analysis: the data is then analyzed relative to duplicate/obsolete/erroneous user accounts,
logons, usage, roles, license types, and indirect access flags.
License optimization: upon analysis, recommendations for optimizations are made. Approved
changes are submitted via the SAP change queue for implementation.
SAP system health check: Identifies vulnerabilities in the existing SAP authorization concept,
including a Segregation of Duties (SoD) analysis.
www.AuditBots.com.
Page 12 of 14
SAP license inventory: Conduct an inventory of your SAP landscape including end-user and
engine measurements.
SAP license compliance review: Review your current user management cycle, evaluate
adequacy of controls and procedures that monitor actual SAP license management. Verify
entitlement vs. deployment of licenses and existence of indirect system usage.
www.AuditBots.com.
Page 13 of 14
www.AuditBots.com.
Page 14 of 14