Locations

Resources

Careers

Contact

📅 Book a Meeting with Redress Compliance

Primavera Licensing

Managing Indirect Access in Oracle Primavera P6

Managing Indirect Access in Oracle Primavera P6

Managing Indirect Access in Oracle Primavera P6

Executive Summary: Indirect access to Oracle Primavera P6 data is a significant yet often overlooked licensing risk.

When users interact with Primavera P6 through other systems (via integrations, web services, or third-party applications) without logging into P6 directly, Oracle still considers it a licensable use.

Many enterprises have been caught off guard by audits uncovering hundreds of “indirect” users, resulting in unplanned costs.

This advisory explains what indirect access in Primavera P6 entails, why it’s risky, and how to manage it proactively with examples and best practices to avoid compliance surprises.

Understanding Indirect Access in Oracle Primavera P6

What is Indirect Access?

In Oracle’s terms, indirect access means any user accessing Primavera P6’s data or functionality via another application instead of logging into P6 itself.

In other words, if Primavera’s information is consumed through a secondary interface, those users are indirectly using Primavera P6. Oracle’s licensing rules make no distinction – indirect use is treated the same as direct use.

How it Happens: Indirect access can occur through numerous integration points in a modern enterprise IT environment.

Common examples include:

  • BI Dashboards: A business intelligence tool (e.g. Power BI, Tableau) displays Primavera P6 project data to managers. Those managers who never sign into P6 are still leveraging P6 data.
  • ERP or Other Systems: Primavera P6 is integrated with an ERP or finance system, allowing ERP users to view or update project schedules and resource data from the ERP interface.
  • Custom Portals or Apps: An internal web portal or mobile app retrieves P6 schedule information (via APIs or database links) to enable team members to view progress or submit updates without using the P6 client.
  • Automated Reports/Bots: Scripts or bots query the P6 database and send out project status reports to a broad audience by email or SharePoint.

In all these cases, people receiving or interacting with Primavera data through external systems are considered P6 users by Oracle.

If users benefit from Primavera P6 data – even indirectly – they must be licensed for P6. This fundamental principle drives the compliance requirements around indirect access.

Why Indirect Access is a Hidden Licensing Risk

Indirect access is a hidden risk because it’s easy for organizations to overlook.

Project teams eagerly integrate Primavera with other tools for efficiency, but IT asset managers must realize that every integration can quietly multiply their license obligations.

Key reasons this is a serious risk:

  • Unnoticed User Expansion: An organization may have 50 named users officially on Primavera, but an integration to a reporting portal might expose P6 data to 200 additional employees. Those 200 are essentially “untracked” P6 users unless properly licensed.
  • Oracle’s Strict Policy: Oracle’s contracts explicitly require licensing for indirect use. There is no free pass for viewing data through another system. Even read-only access or infrequent use by an employee counts as usage that needs a license.
  • Audit Surprise: Oracle’s License Management Services (LMS) auditors actively look for indirect access during audits. They will request details of any applications or interfaces connected to P6 (for example, the use of the Primavera Web Services API, links to other databases, etc.). If an audit reveals, for example, 150 unlicensed users accessing P6 data via a web service, Oracle will typically demand licenses for each, often retroactively.
  • Significant Financial Impact: The cost of trueing up can be huge. Companies have been presented with hefty bills for back-dated support and new licenses after audits uncovered indirect usage. These unbudgeted costs can reach into the hundreds of thousands of dollars, harming financial planning.
  • Compliance and Reputation: Non-compliance findings sour the vendor relationship and put the company on Oracle’s radar. It may weaken your negotiating position in renewals and cause management scrutiny due to governance lapses.

Bottom line: Indirect access can greatly expand the number of required Primavera P6 licenses without obvious signs, making it a stealthy compliance pitfall. Proactively identifying and managing these scenarios is essential to avoid nasty surprises.

Common Indirect Access Scenarios and License Implications

Managing indirect access in Oracle Primavera P6 starts with recognizing the typical scenarios in which it arises. Below are examples of how indirect use might occur and what the licensing implications are in each case:

Integration ScenarioLicense RequirementRisk if Ignored
BI Dashboard (e.g. Power BI) – 10 managers view live Primavera P6 project dashboards outside P6.All 10 managers need valid Primavera P6 user licenses (as if they logged in directly).10 unlicensed users would be flagged in an audit, triggering purchase of licenses plus back-support fees for each.
ERP Integration – Primavera P6 schedules feed into an ERP module viewed by 50 ERP users.Each of the 50 ERP users must have a P6 license (or equivalent P6 API access license) to comply.Oracle would consider all 50 as unlicensed usage, leading to a costly compliance gap (50 licenses + penalties due).
Custom Web Portal – 100 team members update or view project data via a portal using P6 Web Services/API.100 Primavera P6 licenses required for those users (or appropriate “Primavera Web Services” licenses per user if they aren’t direct P6 users).Every unlicensed user is a liability – an audit could force licensing of all 100, with significant unplanned expense.

These scenarios illustrate that indirect access can dramatically increase the number of individuals requiring licenses.

Even passive viewers of Primavera data are considered users. If not addressed, each scenario becomes an audit risk with potentially severe financial impact.

Oracle’s Policy and Common Misconceptions

Oracle’s licensing policy on this topic is unequivocal: any person accessing Primavera P6 data – directly or indirectly – must be licensed.

This policy catches many organizations off guard. A few common misconceptions often lead to compliance errors:

  • “Only the integration account needs a license.” In reality, while the technical service account (e.g,. an API account) needs to be licensed, every end user consuming Primavera data via that integration also requires a license. Licensing just the middleware or service account is not sufficient.
  • “If users only view data, we don’t need licenses for them.” This is false. Oracle considers viewing P6 data through another application as a form of use. Whether a manager is actively editing a project or simply seeing a report drawn from P6, from Oracle’s perspective, both count as usage that requires a license.
  • “Occasional or infrequent access shouldn’t count.” Unfortunately, Oracle does not exempt users based on frequency or duration of access. There is no “casual use” exception – even if an executive checks a Primavera-derived dashboard once a month, that individual is supposed to have a P6 license. Additionally, attempts to use one named license for multiple people (even at different times) violate Oracle’s no-sharing rule.
  • “We can use a generic read-only account for many viewers.” This approach is non-compliant. Oracle’s policy forbids generic or shared logins precisely because they try to circumvent per-user licensing. In an audit, Oracle will require identification of every individual who accessed Primavera data, and each would need to be licensed.

Oracle Primavera Web Services License:

Oracle does offer a specific licensing option called the Primavera P6 Enterprise Project Portfolio Management Web Services license.

This is essentially an integration license intended for scenarios where external systems or custom applications access Primavera. It allows the use of Primavera’s web services API and includes certain restricted-use Oracle technologies (such as WebLogic server) to support integrations.

Important: This license does not grant unlimited access to external users – rather, it typically requires that any user or developer not already licensed for P6 who accesses P6 through an API be covered by a P6 Web Services license.

In practice, it’s a way to license indirect usage in bulk, but technically, you still must count and manage those users. Always check Oracle’s specific terms for the Web Services license if you plan to use P6’s APIs heavily.

By dispelling these misconceptions, IT asset managers can better align internal practices with Oracle’s expectations.

Always refer to your Oracle agreement and official licensing guides: they clearly state that indirect usage is a licensable event. Misunderstanding these rules won’t excuse non-compliance during an audit.

Managing Indirect Access Risk in P6 Environments

Taking a proactive stance is the only reliable way to manage indirect access in Oracle Primavera P6.

Here are strategies and best practices to mitigate the risk and ensure compliance:

  • Inventory Integrations and Data Flows: Start by mapping out every integration point to Primavera P6. Identify all systems, reports, and interfaces (internal and third-party) that pull data from or push data into P6. This inventory reveals where indirect access is occurring.
  • Identify All Indirect Users: For each integration or report, determine who the end users are. This could be a list of managers viewing a dashboard, a group of ERP users, or a set of external partners receiving data. Document how many people (and who) benefit from each P6 data feed.
  • License Appropriately: Once you know the scope of indirect users, reconcile it with your license counts. Ideally, every individual identified should either have a Primavera P6 named user license or be covered under an appropriate license program (such as the Primavera Web Services user license, if applicable). If there are gaps, address them before Oracle does – consider purchasing additional licenses or adjusting access so that only licensed people get the data.
  • Use Least-Privilege Data Sharing: Expose Primavera data externally only when necessary. For example, rather than giving dozens of executives live access to schedule data via integration, you might provide a smaller number of licensed planners who compile reports for others. In cases where large audiences only need periodic info, consider distributing static reports (PDFs or snapshots) instead of interactive live links to P6. This limits the number of individuals who could be construed as “using” the software.
  • Establish Internal Policies: Build awareness in project teams and IT that Primavera P6 data cannot be freely shared without considering licensing impact. Establish a policy that the ITAM/licensing team must review any new integration or reporting solution involving P6. Educate stakeholders that adding an interface may require additional licenses.
  • Regular Compliance Audits: Treat indirect access checks as part of your regular license compliance reviews. For example, every quarter or before any Oracle true-up, review all known integration points and confirm that the associated users are licensed. This internal audit mindset will help catch issues early. It’s much better to find and resolve a 20-user discrepancy yourself than to have Oracle find it and impose back fees.
  • Optimize License Types: If many users only require light or view-only access, consider whether Oracle offers a lower-cost license for this purpose. In Primavera’s case, the on-premises “P6 Progress Reporter” user license or certain cloud subscription tiers (like Primavera Progress or Team Member licenses) can be cheaper alternatives for limited functionality. These can legitimately cover users who just report progress or view data, at a lower cost than full P6 licenses – potentially a cost-saving strategy if allowed in your scenario.
  • Contract and Negotiation Considerations: When renewing or negotiating your Oracle agreement, explicitly address indirect usage. Ensure the contract terms are clear on what constitutes use and whether any indirect use rights can be granted. While Oracle typically enforces standard policy, you might negotiate a discount or package deal for a large group of casual users (for instance, Oracle may bundle some read-only licenses at a lower rate or allow a specific number of viewers for free – this is not common, but everything can be on the table in negotiations). The key is to avoid ambiguity: get any special agreements in writing.
  • Leverage Expert Advice: If your Primavera environment is complex, consider consulting with Oracle licensing experts or third-party advisors. They can provide an objective compliance assessment and suggest optimization tactics. Experts who have handled Oracle audits are familiar with what auditors look for and can help preempt those findings. This extra diligence is worthwhile for large enterprises where the stakes are high.

By actively managing these aspects, you can reduce the risk that indirect access will lead to a compliance crisis.

The goal is not to eliminate integrations or cripple data sharing, but to do it in a controlled, well-licensed manner.

With vigilance and good governance, indirect access can be leveraged to the business’s benefit without incurring Oracle’s wrath.

Recommendations

  1. Discover All Access Points: Conduct a thorough discovery of where Primavera P6 data is flowing. Consult with application owners and architects to map out every integration, API usage, or reporting solution involving P6. This lays the groundwork for controlling indirect access.
  2. Align Licensing with Usage: Ensure your licensing matches your actual usage patterns. If 150 people view Primavera-based reports but you only have 50 licenses, address that gap proactively. Consider purchasing the necessary licenses or limiting access to live data. It’s better to right-size licenses now than during an audit.
  3. Implement Governance for Integrations: Create an internal approval process for new integrations or data extracts from Primavera. Require project teams to justify why data is needed and confirm that licensing for target users will be addressed. This prevents unauthorized or overlooked indirect use from cropping up.
  4. Use Technology Controls: Where possible, use technical measures to enforce compliance. For example, restrict the Primavera API or database access to authorized systems only; require user authentication that ties back to a licensed account when pulling data. Avoid using generic service accounts that feed wide distribution lists.
  5. Educate and Communicate: Regularly communicate Oracle’s indirect access rules to relevant teams (PMO, IT, BI developers, etc.). Ensure that everyone understands that sharing Primavera data isn’t free and may trigger license requirements. A short training or memo can dispel the “it’s just a report” myth and foster a compliance culture.
  6. Regular Self-Audits: Conduct periodic self-audits, focusing on indirect access. Simulate what Oracle auditors would look for: list out integrations, gather user counts, and verify each user is accounted for in your license count. Address any discrepancies internally before Oracle’s official audit.
  7. Plan for Worst-Case Scenarios: Have a contingency budget or plan in case you discover (or an audit reveals) a large number of unlicensed indirect users. Knowing the list price of Primavera licenses and Oracle’s support fees can help you estimate exposure. This doesn’t replace prevention, but it prepares the organization’s leadership for potential compliance costs.
  8. Engage Oracle Proactively: If you foresee a valid business need to expose Primavera data to a broad audience (say thousands of subcontractors or executives), engage Oracle early. Discuss licensing options – perhaps a special license tier or a cloud service that better suits your needs. Oracle may offer a solution tailored to that use case (for example, Oracle’s cloud licensing has a “Progress” user type for light usage). Early dialogue can sometimes lead to more flexible arrangements than a hostile audit outcome.

Checklist: 5 Actions to Take

  1. Inventory Your Primavera Integrations: List all systems, reports, and interfaces that connect to Primavera P6. Include details of what data is exchanged and who uses it.
  2. Identify and Count Indirect Users: For each integration or report, determine how many unique individuals view or interact with Primavera-derived data. Create a log of these indirect users.
  3. Reconcile with Licenses: Compare the indirect user list to your licensed user count to ensure accuracy. Address any shortfall by either acquiring additional P6 licenses or restricting access to the affected resources. If available, consider a specialized integration license (like Primavera P6 Web Services or a cloud module) to cover certain users more cost-effectively.
  4. Implement Controls and Education: Update internal processes to ensure that any new usage of Primavera data is evaluated for licensing requirements. Communicate the policy to all relevant staff. Make it part of the project kickoff checklists to consider software licensing when integrating systems.
  5. Review Regularly: Schedule a review (e.g., quarterly or biannually) to repeat steps 1–4. This ensures that as your environment changes – with new integrations, new users, and organizational changes – you remain compliant continuously, rather than scrambling during an Oracle audit.

FAQ

Q: What exactly counts as “indirect access” in Primavera P6?
A: Indirect access is when a user doesn’t log into Primavera P6 directly, but accesses P6 data or functions via another system. Examples include viewing P6-generated reports in another tool, updating P6 data through an integrated application, or any scenario where P6 is in the back-end and the user is on a different front-end. Oracle counts all those users as if they used Primavera itself.

Q: Do I need a license for someone who just views a Primavera report?
A: Yes. Under Oracle’s rules, even read-only viewing of Primavera P6 information via an external report or dashboard requires that the viewer be licensed for P6. Oracle’s philosophy is that if you benefit from the output of the software, you are using the software. There are no free “read-only” user allowances in standard P6 licensing (unless you have a special agreement or a specific limited-use license for that purpose).

Q: How does Oracle detect indirect usage during an audit?
A: Oracle auditors typically ask for comprehensive information about Primavera integrations. They may provide questionnaires or run scripts to identify links between P6 and other systems. For instance, they might ask if you use the Primavera Web Services API or request a list of any databases or applications connected to the P6 database. They’ll also interview administrators about data flows. If you disclose (or they discover) that, say, P6 feeds data to a Power BI system, they will then probe how many people access that Power BI report. Oracle audits are quite thorough in chasing down indirect usage once a clue emerges.

Q: Is there a cheaper way to license indirect users?
A: Potentially, yes. Oracle offers some alternative licensing options that could be relevant. For on-premise P6, there are limited-function licenses (for example, a “Progress Reporter” user license) that cost less than a full user license but allow only certain activities, such as status updates. In Oracle’s Primavera Cloud offerings, there are tiered user types (like read-only or task users) at lower price points. Additionally, the Primavera P6 Web Services license can be used to cover integration scenarios; however, it still requires licensing each external user or interface in a defined manner. You should discuss this with Oracle or a licensing expert to determine if these options align with your use case and can help reduce costs while maintaining compliance.

Q: What should we do if we discover unlicensed indirect use in our organization?
A: First, don’t panic – but do act promptly. Gather details on the scope: which users and how many are involved. Then evaluate your options: you can remove or cut off the unlicensed access (as a short-term fix) and/or purchase the necessary licenses to cover those users. Often it’s wise to involve a software licensing consultant or legal counsel at this stage, especially if an Oracle audit is already underway or looming. If an audit is not yet in play, you have the opportunity to quietly resolve the issue by buying additional licenses or negotiating an add-on deal with Oracle. It’s generally better to come into compliance voluntarily. Also, root-cause the situation – figure out why it happened (e.g., lack of awareness, poor controls) and fix that process, so it doesn’t recur. Oracle tends to be more lenient if you demonstrate good-faith efforts to comply and address the gap proactively, rather than waiting for them to identify it.

Read more about our Oracle License Management Services.

The #1 Global Oracle Licensing Experts – Redress Compliance

Do you want to know more about our Oracle Advisory Services?

Please enable JavaScript in your browser to complete this form.
Name
Author
  • Fredrik Filipsson

    Fredrik Filipsson is the co-founder of Redress Compliance, a leading independent advisory firm specializing in Oracle, Microsoft, SAP, IBM, and Salesforce licensing. With over 20 years of experience in software licensing and contract negotiations, Fredrik has helped hundreds of organizations—including numerous Fortune 500 companies—optimize costs, avoid compliance risks, and secure favorable terms with major software vendors. Fredrik built his expertise over two decades working directly for IBM, SAP, and Oracle, where he gained in-depth knowledge of their licensing programs and sales practices. For the past 11 years, he has worked as a consultant, advising global enterprises on complex licensing challenges and large-scale contract negotiations.

    View all posts

Redress Compliance