Indirect access licenses: How to make something complicated even more complicated [shutterstock: 296778314, zimmytws]
In the last several months, much has been written about “indirect access”. What does this mean and which licenses should SAP customers be purchasing? Even SAP has not exactly provided clarity, but rather has increased the confusion by making amendments to the description of the “SAP NetWeaver Foundation for Third Party Applications” in the Pricing and Conditions List (PCL) 2016/2.
The topic “indirect access” is to be considered from two perspectives: on the one hand, it’s about whether the user accesses SAP software directly or indirectly. Depending on the type of use, each user is required to have a corresponding user right in the form of a “Named User License”. On the other hand, there are applications that use SAP technology. In such cases, SAP customers should purchase a corresponding user right for “SAP NetWeaver Foundation for Third Party Applications” from SAP.
Usage by user
The case of usage by the user is comparatively straightforward. From the perspective of SAP, it’s about preventing abuse. SAP requires that anyone using SAP software must have the appropriate user rights independent of how they access the software. This is initially transparent and understandable. Salesforce.com is often cited as an example. If a SAP customer decides against using SAP’s CRM solution and instead chooses to connect Salesforce.com to their SAP system, SAP functions (from the SD module for example) are still used in certain circumstances. SAP requires a user right for this. It is the responsibility of the SAP customer to determine if the user already has a sufficient Named User License. If up until this point, an employee only has had the so-called Employee License (ID 54), then this is not sufficient to access the SD module via Salesforce.com. In this case, a “SAP Professional User” License (ID 52) must be purchased and the existing Employee License can be used by another employee.
It gets more complicated when dealing with the “SAP NetWeaver Foundation for Third Party Applications” License. The issue is not new, but has been increasingly communicated through SAP’s sales team during SAP system measurements since 2015.
SAP NetWeaver Foundation for Third Party Applications
The description has changed repeatedly since the introduction of NetWeaver. The difficulty starts here: Which of the various descriptions is valid? It is of prime importance to determine when the customer acquired the NetWeaver License, respectively at what time SAP licenses were most recently purchased. If the last time a SAP customer purchased additional licenses was three years ago, the PCL from three years ago is valid, not the one from 2015 or 2016.
Up to and including the PCL 2016/1, SAP customers who purchased the NetWeaver License are granted the right to run SAP software only on SAP technology (NetWeaver Runtime Environment).
According to SAP, in-house applications and applications from third-party providers require a separate user right, namely the “SAP NetWeaver Foundation for Third Party Applications“ License. From a legal perspective, it is highly debatable that in addition to the purchase of the so-called Developer License an additional authorization is required for in-house development.
Additional purchases must be analyzed on a case-by-case basis to determine if SAP copyright law is being violated. Since the PCL 2016/2 and even in the PCL 2016/3, which in this context did not further change, it is not a question of whether SAP technology is used or not. Rather, it’s about using an SAP interface and accessing information in SAP application tables. If both criteria are met and thereby third-party applications are being used, SAP requires the aforementioned “SAP NetWeaver Foundation for Third Party Applications”-License.
To determine if and with which applications you have licensing requirements, we recommend the following analyses:
SAP contract analysis
When and what did we purchase and which PCL (with respect to NetWeaver usage) did we accept? If you have several active contracts, different definitions may apply – that poses the question, which one is actually valid?
SAP architecture analysis and user analysis
Which third-party application accesses SAP application data using an interface? Or is only your own data accessed in the SAP tables? How many users use this application? If the application runs on NetWeaver Technology is irrelevant to the latest definition. This represents a tightening of the definition, because before the PCL 2016/2, the application had to run based on NetWeaver Technology. That is no longer necessary according to the current valid definition. To stay with the Salesforce.com example: Up to and including PCL 2016/1, an ‘only for user’ user right had to be purchased. Beginning with the PCL 2016/2, the “SAP NetWeaver Foundation for Third Party Applications” license must also be purchased for Salesforce.com.
After completing both of these analyses, that determine the maximum financial risk, a legal analysis should take place. You need to evaluate, per application, if copyright infringements are present. Just because SAP writes different definitions of their NetWeaver Technology in their PCL, it does not mean a legally justifiable claim derives from it.
The topic “indirect access” is deliberately complex; clarity is sought in vain. While contract analysis and legal evaluation are purely manual activities, system and user analyses can be performed with the support of tools (for example with SmartTrack License Control for SAP). In light of the issues described, an analysis of the SAP system cannot determine the facts surrounding indirect access. Every SAP customer is required to determine per application for themselves whether “SAP NetWeaver Foundation for Third Party Applications“ is necessary or not.
It’s exciting to think about how “indirect access” will evolve in the future – particularly if SAP continues with the massive additional charges it began imposing on its customers in 2015.