What Is SAP Indirect Access?
SAP indirect access refers to situations where users, systems, or automated processes interact with SAP data or functionality without directly logging into SAP using a named user licence. The classic scenario is a third-party application — a CRM platform, an e-commerce system, a warehouse management tool, or a robotic process automation (RPA) bot — that integrates with SAP to read data, create transactions, or update records on behalf of users who have never been assigned an SAP licence.
Under SAP's traditional, pre-2018 licence model, indirect access was governed by the named-user licence framework. SAP's contractual position was that any person whose activities ultimately cause data to be written to or read from SAP — even indirectly — required a named user licence. This interpretation created enormous potential exposure for organisations with complex integration landscapes, because in theory every person using a third-party application that touched SAP could be characterised as requiring an SAP licence.
SAP pursued indirect access audit claims under this model aggressively in the 2015–2018 period. Landmark cases in this era — including proceedings involving Diageo and Anheuser-Busch InBev — brought the issue to widespread attention and created significant pressure on SAP to reform its approach. In 2018, SAP introduced the Digital Access model as a structured alternative to the named-user approach for third-party integrations.
SAP Digital Access: The Modern Model
SAP Digital Access replaces the opaque named-user indirect access model with a document-based consumption model. Instead of counting users who might indirectly touch SAP, SAP counts the business documents created in SAP by external or non-human sources — the Digital Document Licence Consumption (DDLC) metric. You purchase a volume of documents and pay for the documents your integrations create.
The Digital Access model has several structural advantages over the old indirect access framework. It is more transparent — you can measure your exposure in advance rather than waiting for an audit to quantify it. It is more scalable — document volumes grow with your business in a predictable way, rather than creating sudden compliance cliffs when you add a new integration. And it specifically excludes read-only scenarios — if an external application reads SAP data without creating new documents, that activity does not trigger a Digital Access fee.
However, Digital Access also creates new complexities. Document volume can grow unpredictably with automation, IoT integration, and AI-driven process automation. Line-item counting rules mean that a single high-line-count purchase order contributes multiple documents to your DDLC consumption. And the pricing for pre-agreed document volumes escalates steeply when consumption exceeds the contracted allotment.
It is important to understand that the Digital Access model applies primarily to SAP S/4HANA environments. Customers on SAP ECC (SAP Business Suite) prior to S/4HANA migration have the option to adopt Digital Access proactively through the DAAP programme, but the old named-user indirect access framework technically still governs their ECC environments unless they have explicitly transitioned to Digital Access terms.
The DDLC Metric Explained
DDLC — Digital Document Licence Consumption — is the unit of measurement for SAP Digital Access. One DDLC unit represents one qualifying business document created in SAP by a non-human or non-direct-user process. This metric is SAP's commercial instrument for quantifying indirect activity in modern integrated environments.
The DDLC metric operates on two key principles. First, only document creation triggers consumption — reading data, updating existing records, or querying SAP via API without creating a new document does not count. This is a significant and buyer-friendly carve-out that many organisations underestimate. Second, the nine document types covered by DDLC are specifically enumerated in SAP's Digital Access terms — activities that do not create one of these nine document types are also out of scope.
SAP measures DDLC consumption using its SAP Passport technology — a technical marker embedded in SAP transactions that identifies whether a document was created by a human user logging directly into SAP, or by an external system or automated process. The SAP Passport mechanism is highly accurate at detecting externally originated activity and is the basis for SAP's audit tooling in this area. Third-party licence management tools from vendors such as Flexera, Snow, and USU also include Digital Access tracking modules that allow buyers to monitor their own DDLC consumption independently.
The Nine DDLC Document Types
SAP's Digital Access model covers nine specific business document categories. Understanding what each covers — and critically, what counting rules apply — is essential for modelling your exposure and negotiating your document volume.
The line-item counting rule is particularly important for organisations with high-volume procurement or sales integration. A purchase order with 50 line items created by an external procurement system counts as 50 DDLC units, not one. For organisations that process thousands of multi-line purchase orders through automated EDI or procurement platforms each month, the DDLC volume can reach tens of millions of units annually — requiring a substantial pre-purchased document allotment.
Organisations should run a DDLC consumption model across their entire integration landscape before entering any Digital Access negotiation. This requires mapping every external system that interacts with SAP, classifying which of the nine document types each system creates, estimating creation volumes and average line counts, and applying SAP's counting rules to generate an annual DDLC projection. This exercise consistently reveals that organisations' actual DDLC exposure is materially different from their initial estimates.
How SAP Constructs Indirect Access Audit Claims
Having defended over 80 indirect access disputes per year, Redress Compliance has detailed knowledge of how SAP's audit teams approach these claims — and this knowledge is directly applicable to building an effective defence.
The Initial Measurement Request
SAP typically begins an indirect access audit claim by requesting that the customer run specific SAP measurement programmes or scripts. These tools scan the system and generate a report of externally originated document creation activity over a defined lookback period, typically 12 months. SAP's audit team then takes this measurement output and applies their commercial model — document volume multiplied by SAP's reference pricing for that document type — to produce an exposure figure.
Buyers frequently comply with this measurement request without fully understanding that the measurement output will form the basis of SAP's financial claim. Before running any SAP-requested measurement tool, organisations should engage a buyer-side adviser to assess the scope and implications of the measurement, ensure the lookback period is appropriate, and establish whether the measurement programme correctly excludes read-only and static access scenarios.
Claim Construction Methodology
SAP's indirect access claim methodology combines several elements: the volume of out-of-scope document creation identified through measurement, the application of SAP's published Digital Access pricing for each document type, a multiplier for any annual support charges on the claimed document volume (approximately 22% per year in arrears), and a retroactive calculation back to the earliest date SAP's measurement data identifies out-of-scope activity.
The retroactive element is the most commercially dangerous aspect of an indirect access claim. SAP's position is that the obligation to license indirect access arose at the moment the out-of-scope activity commenced — not at the moment of the audit. For a large organisation with complex integration landscapes in place since 2015 or earlier, this can mean a retroactive claim spanning five or more years of accumulated exposure.
Factual Disputes and Reduction Strategies
A significant proportion of SAP's initial claim figures are reducible through factual challenge. Common areas of dispute include: the measurement period (was it representative, or did it capture an anomalous spike?), the classification of read-only activity that should have been excluded, the counting methodology for line items (was SAP counting correctly?), the applicable SAP Passport version and whether it accurately distinguishes human from automated activity, and whether historical contract amendments explicitly permitted certain indirect access scenarios.
In our experience defending indirect access claims, well-documented technical evidence — RFC logs, IDoc records, interface architecture diagrams, and historical contract correspondence — consistently reduces the initial SAP claim. The reduction achievable varies widely, but a 30–60% reduction from the initial claim figure is common in contested disputes where the buyer has invested in proper documentation and technical analysis.
SAP's Digital Access Adoption Program (DAAP)
SAP introduced the Digital Access Adoption Program (DAAP) in 2019 as a commercial on-ramp for customers to transition from the old named-user indirect access model to the Digital Access document-based model. DAAP remains available in 2026 and provides two significant buyer benefits.
First, DAAP allows customers to purchase initial Digital Access document volumes at up to 90% discount from SAP's standard Digital Access list pricing. This discount is designed to make the transition commercially attractive by reflecting that customers are converting from a model where they may have been (unknowingly) non-compliant to one where their usage is covered. The 90% discount applies to the initial document volume at DAAP adoption; subsequent additional document purchases are at standard or negotiated pricing.
Second, DAAP allows customers to trade in existing named-user licences for Digital Access document volume credit. This trade-in provision reflects SAP's acknowledgement that named-user licences purchased historically may have been used in part to cover what is now a Digital Access scenario. The trade-in calculation is based on SAP's valuation of the surrendered licences — buyers should independently model whether the trade-in credit adequately reflects the value of surrendered perpetual licences before agreeing to the exchange.
DAAP has no published expiry date, but SAP reserves the right to terminate the programme. Organisations that are aware of indirect access exposure and have not yet adopted Digital Access should evaluate DAAP urgently — the 90% introductory discount significantly reduces the cost of regularising compliance compared to a post-audit settlement.
Indirect Access in RISE with SAP
A common misconception among organisations migrating from on-premise SAP to RISE with SAP is that the RISE subscription covers all indirect and digital access obligations. It does not. RISE with SAP includes an allocation of Digital Access documents as part of the RISE bundle — but this allocation is typically sized for basic integration scenarios and is insufficient for organisations with complex, high-volume integration landscapes.
Buyers transitioning to RISE with SAP should explicitly scope their Digital Access document requirements as part of the RISE commercial negotiation. The standard RISE Digital Access allocation should be evaluated against an independent DDLC consumption model. If the consumption model indicates that actual volumes will exceed the included allocation, additional document volumes should be negotiated at contract signature — before migration go-live, when SAP's commercial leverage is lower and the buyer's alternatives are broader.
S/4HANA migration also changes the licence baseline in ways that can affect the Digital Access position. Some indirect access patterns that existed in the ECC environment may be eliminated by S/4HANA's built-in Fiori user experience and native API capabilities. Conversely, new integration architectures enabled by the BTP platform may create new Digital Access exposure that did not exist in the ECC landscape. A pre-migration Digital Access audit is strongly recommended for any organisation with significant integration complexity.
Hybrid Licensing Strategies: Digital Access and Named Users Together
Not all indirect access scenarios are best addressed through Digital Access. The optimal strategy for many organisations is a hybrid approach that uses Digital Access for high-volume automated integrations and named-user licences for lower-volume, user-driven external access scenarios.
The economics of this choice depend on a precise comparison. For a scenario where 50 external users access SAP through a third-party portal and each creates an average of 5 documents per day, the named-user approach (50 Limited User licences at approximately $50 per user per month) costs $2,500 per month. The Digital Access equivalent (50 users × 5 documents × 22 working days × 12 months = 66,000 documents per year) at SAP's Digital Access document pricing may be more or less expensive depending on negotiated document pricing. The breakeven analysis varies significantly by document type, volume, and negotiated rates.
A rigorous hybrid strategy analysis considers each integration and external access scenario individually, applies both licensing models, and selects the lower-cost approach for each. This analysis requires accurate usage data and current SAP pricing benchmarks — exactly the type of analysis that buyer-side advisers with current market intelligence can provide more reliably than internal procurement teams working with SAP's published list prices.
Building Your Indirect Access Defence Position
Whether you are facing an active audit, proactively managing exposure, or negotiating a Digital Access contract, a strong defence position rests on the same four pillars: measurement, documentation, contractual protection, and commercial resolution strategy.
Measurement: Know Before SAP Does
Running your own DDLC measurement before SAP requests it is the most important step in managing indirect access risk. Independent measurement allows you to identify and remediate high-risk integration scenarios before they are quantified in an audit, provides a factual basis for challenging SAP's measurement if it differs from yours, and informs your Digital Access contract negotiation with realistic volume data. Use third-party licence management tools in addition to SAP's native measurement capabilities — independent data points strengthen your negotiating position.
Documentation: Technical and Contractual Records
Maintain contemporaneous documentation of your integration landscape: architecture diagrams, interface specifications, RFC connection logs, IDoc configuration records, and API gateway logs. Contractual documentation matters equally — preserve all historical Order Forms, purchase agreements, and any written communications from SAP that address how specific integrations should be treated commercially. SAP's audit teams respect well-documented technical and contractual evidence. Undocumented claims are significantly harder to sustain.
Contractual Protection: Proactive Clause Negotiation
Negotiate explicit Digital Access protections into your SAP contracts at every commercial opportunity. Key clauses include: a specific definition of what constitutes indirect access in your environment, confirmation of read-only exclusions in writing, a pre-defined DAAP transition path with documented pricing, and an audit dispute resolution process with minimum 90-day cure periods before SAP can escalate to legal proceedings. See our companion article on SAP Indirect Access Mitigation Contract Clauses for detailed clause language.
Commercial Resolution: Settling from Strength
When an indirect access claim is presented, the initial figure is almost always negotiable. SAP's audit resolution process has established negotiating patterns: initial claims are presented at maximum theoretical exposure; well-prepared buyers with strong technical documentation consistently achieve significant reductions. The typical settlement range for indirect access claims is 25–60% below the initial claim figure when buyers engage expert advisers who understand SAP's internal settlement dynamics. Redress Compliance has resolved over 80 indirect access disputes per year and brings this settlement benchmark knowledge directly to our clients' negotiations.