A comprehensive guide to SAP’s native compliance tools (USMM, LAW, SLAW, STAR), the Full User Equivalent (FUE) model, digital access metrics, and best practices for validating licence data before submission to SAP.
SAP licence compliance relies on accurate measurement of software usage across all systems. The licensing model uses various metrics — named user counts, engine utilisation, and documents for indirect access.
The most common metric. Individual people authorised to use SAP, categorised by type (Professional, Employee, etc.) and counted against entitlements.
Software components measured by usage metrics (sales orders, CPU cores, employee records). Some counted automatically; others require manual self-declaration.
A newer metric counting certain document types created in SAP via non-SAP systems (e.g., orders via API). SAP’s digital access licence requires tracking these document counts.
The consolidated user metric for S/4HANA subscriptions (RISE with SAP). Different roles consume fractions or multiples of an FUE.
For SAP licensing fundamentals, see the SAP Licensing Guide.
For classic SAP ERP (ECC) environments, USMM and LAW are the foundational tools for licence compliance.
Runs within each SAP system to scan and gather two critical data sets: named user licences and engine usage. It identifies all user accounts and their assigned licence types, tallies module-specific metrics, and flags unclassified or inactive users.
Any user not assigned a licence type will default to the highest-cost category. Classify every user before running USMM.
Consolidates USMM results from all systems into one combined report. LAW deduplicates user records — matching accounts for the same person across systems so they are counted only once.
Load the latest SAP user types via SAP Notes to ensure correct definitions per your contract.
Clean each system’s USMM input before consolidating — classify users, lock obsolete accounts.
Run LAW in simulation first. Use consistent attributes (email) to improve auto-matching.
Never hit “Send to SAP” without thorough internal review. Once transmitted, data is effectively final.
| Tool | Purpose | Scope |
|---|---|---|
| USMM | Measures named users and engine metrics | Single SAP system (ECC or S/4HANA on-prem) |
| LAW / SLAW | Consolidates multiple systems’ measurements | Central system — aggregates, deduplicates users |
| SLAW2 | Updated web-based LAW | Guided interface, landscape registry, HANA support |
| STAR | Estimates S/4HANA FUE requirements | Maps ECC roles to FUE categories for migration |
| Digital Access Eval | Measures indirect usage documents | ABAP report for Sales Orders, Invoices via APIs |
S/4HANA introduced simplified user types aligned to the FUE model: Advanced, Core, and Self-Service users, each with a specific FUE weight.
Instead of buying specific numbers of each user type, you purchase a total FUE count and allocate users under that allowance:
~0.2 FUE — light transactional usage
1.0 FUE — full business process access
~2.0 FUE — broad authorisations
A specialised analysis that reviews each user’s authorisations and maps them to FUE categories. Often delivered as an SAP Note, it simulates classification and calculates total FUE consumption for migration planning.
For subscription models, SAP provides cloud usage dashboards (SAP for Me). However, running your own measurements quarterly is essential to verify figures independently. SLAW/SLAW2 still consolidates multi-system data; the key difference is interpreting counts as FUE totals.
Always check that measurement tools are updated for S/4HANA via SAP Notes. If the classification logic isn’t loaded, all users may fall into an “unclassified” bucket.
SAP now uses a self-declaration approach: customers measure their own usage and report it back annually. While it feels routine, it carries the same weight as a formal audit.
SAP’s digital access licence model means certain document types generated via external systems incur licensing. The Digital Access Evaluation service scans audit logs to count relevant documents created indirectly.
Know which parts of your portfolio require self-counting — engines, add-ons, external metrics.
Run the digital access report regularly. Use RFC call logs and IDoc counts to gauge indirect transactions.
Slightly over-count for safety. Under-reporting risks penalties and back-maintenance fees.
Maintain an internal audit trail: tool reports, manual steps, and assumptions behind each number.
For digital access strategies, see SAP Digital Access Advisory Service.
Many enterprises use third-party SAM tools to optimise and cross-check licence usage beyond SAP’s native capabilities.
Smarter matching using HR data or SSO directories to identify duplicates more effectively.
Analyse actual transaction activity and suggest the most cost-effective licence classification per user.
Independent data acts as a second opinion — catch discrepancies before submission to SAP.
Simulate S/4HANA migration FUE needs, system consolidations, and forecast growth.
Third-party tools do not replace SAP’s measurement. You still run USMM/LAW for reporting. But these tools help manage and verify everything before that stage.
Run USMM/LAW weeks before the due date. Analyse in detail — look for anomalies that don’t match business changes.
Remove/deactivate former employees, duplicate test IDs. Involve HR and security teams.
If USMM reports 10,000 users but you have 9,000 staff, duplicates are inflating the count.
After cleanup, run again. Compare results with previous run to confirm fixes had the intended effect.
Document steps: users removed/reclassified, USMM SAP Note version, assumptions for manual metrics.
Schedule quarterly measurements. Catch compliance issues early.
Designate someone responsible who understands contract metrics.
Implement joiner/mover/leaver processes for SAP access.
Cross-verify USMM/LAW output with a secondary source.
Optimise and validate, but align with SAP’s contractual rules.
Follow SAP Notes and user group events for metric and tool updates.
If you use non-SAP front-ends, assume indirect usage exists. Measure it.
Exact usage figures give you leverage at renewals and true-ups.
Simulate a full audit yearly. Measure, consolidate, validate, and fix gaps.
Ensure IT, finance, and functional teams understand licence costs.
At minimum once a year, with quarterly mini-checks if possible. Regular measurements let you spot trends early. Align runs with fiscal year milestones or after new SAP module rollouts.
The process (USMM/LAW) is similar, but the licence model may differ. S/4HANA on-premises introduces FUE-aligned user types. In S/4HANA cloud (RISE), focus on total FUE consumption. SAP’s STAR report translates existing usage into FUEs. Digital access also becomes more prominent.
Use SAP’s Digital Access Evaluation tool to count documents created indirectly. To minimise costs: count only truly indirect documents, archive unnecessary auto-generated docs, and consider SAP’s Digital Access Adoption Program. A fixed-fee arrangement may work for high, stable usage.
Depends on complexity. SAP’s tools give compliance numbers but won’t optimise them. Third-party tools identify inefficiencies and simplify continuous monitoring. Small landscapes may manage with SAP tools alone; large enterprises often find the investment pays for itself.
Address it before submission. Try remediation (retire unused accounts, reallocate licences). If gaps remain, approach SAP proactively — negotiating on your terms is better than waiting for SAP to find the shortfall.
Whether preparing for an audit, navigating self-declaration, or planning an S/4HANA migration, Redress Compliance can help you measure, optimise, and defend your SAP licence position.
This guide is part of our SAP Audit Defense Guide pillar. Explore related articles: