Indirect access is the licensing exposure created when people or systems use SAP data without logging in to SAP directly — and over the past several years SAP has fundamentally changed how it measures and charges for it. The old model treated indirect use as a named-user problem: if an external system touched SAP on behalf of users, SAP could claim each of those users needed a named-user licence. The current model, digital access, instead counts the documents that indirect use creates in defined categories and charges per document. For organisations running integrations, APIs, e-commerce front ends, or robotic process automation against SAP, this is one of the most consequential licensing changes of the decade. It is closely tied to the way SAP packages and prices that exposure through the support and maintenance relationship, which is why it belongs in any serious review of SAP cost.
What indirect access actually means
Direct access is straightforward: a person logs in to an SAP GUI or Fiori app with their own credentials, consuming a named-user licence. Indirect access is everything else — value flowing into or out of SAP through another channel. A customer placing an order on your website that posts a sales document into SAP. A logistics platform reading delivery data through an API. A bot that creates purchase requisitions overnight. A reporting tool that pulls SAP data into a dashboard consumed by hundreds of people who never log in to SAP. In each case, SAP's software is doing work, and SAP's position is that work must be licensed even though no human touched the SAP screen.
The dispute that defined the topic was never about whether indirect use exists. It was about how to count and price it. Counting it by the number of downstream humans produced enormous, unpredictable claims and a wave of contention between SAP and its customers. Digital access was SAP's attempt to replace that with something measurable.
The shift from named-user claims to document counting
Under digital access, SAP defines a set of document types that represent the outcomes of indirect use, and licensing is based on the initial creation of those documents in the system. The commonly referenced categories cover documents such as sales, purchase, invoice, manufacturing, material, service, financial, and time-management records. You license the documents the system creates as a result of indirect access; you are not charged again each time an already-created document is read or processed downstream. The intent is that a single, measurable event — the creation of a defined business document — is the unit you pay for, rather than the unbounded population of people or systems that might touch it.
The core change in one line: indirect access moved from "how many humans sit behind that interface?" to "how many qualifying documents does the interface create?" The first is contestable and frightening; the second is countable and, crucially, plannable. The risk did not disappear — it became something you can measure and manage before SAP measures it for you.
Why the API angle matters now
Modern SAP estates are more connected every year. S/4HANA is built around APIs, the Business Technology Platform encourages extension and integration, and the typical enterprise now has dozens of systems exchanging data with SAP automatically. Every one of those connections is a potential digital-access event generator. The licensing question is no longer an edge case for a handful of integrations — it is a structural property of how the estate is built. An organisation that maps its license position only against named users and ignores its document-creating interfaces is measuring half of its exposure.
This is also where measurement timing matters. SAP's tooling can report digital-access document volumes, and a measurement or audit will surface them whether or not you have planned for them. The organisations that fare best are the ones that ran their own document analysis first, understood which interfaces generate which document types, and walked into the conversation with their own numbers. The ones that fare worst discover their document volumes for the first time in SAP's report.
| Dimension | Legacy indirect-access model | Digital access model |
|---|---|---|
| Unit of measure | Named users behind the interface | Defined business documents created |
| Predictability | Low — open-ended user counts | Higher — countable document volumes |
| What triggers a charge | Indirect use attributed to humans | Initial creation of a qualifying document |
| Buyer defence | Dispute the user attribution | Measure documents; right-size before audit |
Migration and adoption paths
Customers do not all sit under the same model. Some remain on legacy contracts where indirect use is still governed by older named-user language; some have adopted digital access through a dedicated transition program; and new S/4HANA agreements are generally written around digital access from the start. SAP has offered structured routes to move existing customers onto the document model, typically with credit mechanisms intended to ease the transition. The details of those routes, and whether they favour a given customer, are covered in our dedicated piece on the SAP Digital Access Adoption Program. The decision of whether and when to adopt is genuinely two-sided: for some estates the document model is cheaper and safer, for others the legacy terms are more favourable and worth preserving.
How buyers should respond
Inventory your interfaces
Build a register of every system, API, bot, and front end that exchanges data with SAP. For each, record the direction of flow and the document types it can create. This register is the foundation of every later decision and is something most organisations have never assembled.
Measure document creation, not just users
Quantify the qualifying documents generated by indirect access over a representative period. This is the number that drives digital-access cost, and producing it yourself — before any measurement — converts an unknown liability into a planning input.
Separate genuine indirect use from internal noise
Not every document is a chargeable digital-access event. System-internal processing, documents created by already-licensed direct users, and duplicate or reversal records need to be understood and correctly excluded so that you are not over-counting your own exposure. Getting this distinction right is the difference between a defensible position and an inflated one — and it connects directly to how your human users are classified, the subject of our guide to mapping licenses to S/4HANA roles.
Decide the model deliberately
Treat the choice between legacy indirect-access terms and digital access as a commercial decision backed by your own measurement, not a default driven by SAP's preference. Whichever way the numbers point, you want to enter the negotiation having already done the arithmetic.
The bottom line
SAP's indirect-access rules have shifted from a frightening, open-ended named-user claim to a measurable, document-based metric — and that shift rewards organisations that measure their own exposure before SAP does. The API-connected modern estate makes this a structural issue, not an edge case: every integration is a potential document generator, and the only durable defence is an inventory of interfaces and a credible count of the documents they create. For a structured review of indirect-access exposure or a digital-access decision, see our SAP licensing experts, and for the broader cost picture, the SAP third-party support comparison.