How Redress Compliance helped a 12,500-employee UK financial services organisation eliminate over-provisioned SAP Professional licences, redesign role-to-licence mappings, and implement sustainable governance, saving millions of pounds annually without affecting business operations.
A UK-based financial services organisation with 12,500 SAP users was facing rapidly rising SAP costs. Licensing had become one of the company's largest IT expenses, but the root cause was not growing usage. It was systemic over-provisioning of expensive licence types.
| Profile | Detail |
|---|---|
| Industry | Financial Services |
| Location | United Kingdom |
| Employees | 12,500 |
| SAP Users | 12,500 named users |
| Engagement | SAP Named User Licence Optimisation |
| Primary Issue | Over-provisioned Professional licences driving excessive costs |
Many users needed only basic functionality (viewing records, submitting forms, running simple reports) but were granted roles that triggered the most expensive SAP Professional licence tier. The default practice was to grant broad access "just in case," which drove up costs with every new user provisioned.
There was no process to tie job functions to the correct SAP licence type. Service staff with limited needs had roles that included financial transaction permissions, triggering the expensive Professional licence tier when a Limited Professional or Employee licence would have been sufficient.
The SAP estate contained dormant accounts from staff who had changed roles or left the organisation, plus duplicate accounts that had never been cleaned up, all carrying active licence costs.
Over-provisioned access meant users had permissions far beyond their actual needs, creating not just unnecessary cost but also security and audit risk in a highly regulated financial services environment. The goal: reduce named-user licence costs without affecting business operations or compliance, and put governance in place to prevent recurrence.
Each user's transaction history was reviewed to determine real system usage patterns. This revealed the gap between what users were licensed to do and what they actually did, the foundation for every subsequent optimisation decision.
Many users had been given access far beyond their daily tasks. The analysis compared actual transaction codes executed against licence type requirements, identifying hundreds of users classified as Professional who only performed Limited Professional or Employee-level activities.
| SAP Licence Type | Typical Use Case | Relative Cost |
|---|---|---|
| Professional | Full transactional access (finance, supply chain, etc.) | Highest |
| Limited Professional | Restricted transactional access (approvals, basic data entry) | Medium |
| Employee (ESS) | Self-service only (leave requests, expenses, personal data) | Lowest |
New job-specific role profiles were created: finance clerks, HR assistants, sales analysts, and other standardised roles, with access limited to exactly what was required for each function. This eliminated the "just in case" approach that had been inflating licence costs.
Hundreds of users were reclassified from Professional to Limited Professional or Employee licences based on actual usage patterns and redesigned role profiles. Dormant and duplicate user accounts were identified and removed. Licence simulation tools validated cost impacts and ensured no access disruption before any changes went live.
Security teams were trained to assign appropriate roles moving forward, preventing future licence creep. New provisioning workflows ensured that every new user or role change triggered a licence-type assessment, making over-provisioning structurally impossible rather than relying on manual vigilance. See SAP Limited Professional Licence Guide.
The optimisation delivered a 28% reduction in SAP named user licence costs, translating to millions of pounds in annual savings. Achieved entirely through role-based reallocation without purchasing any additional software or services.
Tighter role alignment meant fewer users with unnecessarily broad access, reducing segregation-of-duties risks and improving internal control in a heavily regulated financial services environment.
With new governance processes in place, the company now has long-term control over SAP licensing and costs. The role-to-licence framework is self-sustaining, preventing the gradual over-provisioning that created the original problem.
"We realised we were paying top-tier licence costs for users who barely used the system. By redesigning how roles map to licences, we saved a massive amount without sacrificing access." The engagement was not just a savings exercise. It gave the organisation a repeatable way to control licence growth and stay audit-ready.
Transaction-level usage analysis revealed the true picture. Without data, the over-provisioning would have continued unchallenged. "Just in case" is the most expensive default in SAP licensing.
Linking SAP access to real job roles (not individual requests) created a scalable, repeatable framework. Every future provisioning decision now has a clear licence-type outcome built in.
Validating every change with licence simulation tools before going live ensured zero business disruption, the most critical requirement in a financial services environment.
The biggest risk in licence optimisation is regression: costs creeping back up over time. Embedding governance into provisioning workflows makes the savings structural, not one-off.
Redress Compliance brought deep knowledge of SAP's licence types, measurement rules, and optimisation techniques, ensuring every reallocation was compliant and defensible in an audit scenario.
Role-based licence optimisation analyses what each SAP user actually does in the system (their transaction history) and maps that activity to the lowest-cost licence type that covers their needs. Users performing only basic tasks (viewing records, submitting forms) are reclassified from expensive Professional licences to lower-cost Limited Professional or Employee licences. The approach is data-driven, not assumption-based, and typically identifies 30 to 50% of Professional users as reclassification candidates.
Savings vary by organisation, but 20 to 35% reduction in named user licence costs is typical. The key variables are the percentage of users currently over-provisioned (usually 30 to 50% of Professional users), the cost differential between licence tiers (Professional is 30 to 50% more expensive than Limited Professional), and the number of dormant/duplicate accounts that can be eliminated. For a 12,500-user estate like this case study, the annual savings run into millions.
No, if done correctly. The methodology analyses actual transaction usage over 12 months to identify users whose real activity is confined to a single module or basic functions. Only users whose activity is genuinely within the scope of a lower-cost licence type are reclassified. Business unit managers validate every reclassification before execution. Licence simulation tools verify that no access disruption occurs before changes go live.
Governance is the critical factor. New provisioning workflows ensure that every new user or role change triggers a licence-type assessment. Dedicated role templates for each licence type (LP-FI-AP for accounts payable, LP-SD-ORDER for sales order processing) enforce module-level access restrictions. Quarterly reviews detect any drift. Without governance, costs typically return to pre-optimisation levels within 18 to 24 months.
Yes. SAP's licensing model explicitly provides for different user types at different price points. Reclassifying users to the licence type that matches their actual usage is not only compliant, it is exactly how SAP intends the model to work. The key compliance requirement is that security roles enforce the licence scope: a Limited Professional user must not have authorisation to execute transactions outside their designated module. Proper role design is both the optimisation mechanism and the compliance mechanism.
Typically 8 to 12 weeks from initial analysis to implemented reclassification and governance framework. Phase 1 (usage analysis and over-provisioning identification): 3 to 4 weeks. Phase 2 (role redesign and simulation): 2 to 3 weeks. Phase 3 (reclassification execution and governance implementation): 3 to 5 weeks. The timeline depends on the size of the user population and the complexity of the role landscape.
Redress Compliance provides independent SAP advisory for named user licence optimisation: usage analysis, role-to-licence mapping, reclassification execution, governance implementation, and audit defence. We typically deliver 20 to 35% reductions in named user licence costs within 8 to 12 weeks. Complete vendor independence. No SAP partnerships, no resale commissions.
SAP Advisory ServicesIndependent SAP advisory helping enterprises optimise named user licence costs through role-based analysis, reclassification, and sustainable governance. Fixed-fee engagement models.