The SAP FUE Ownership Problem 

Soterion has assisted more than 80 organisations with FUE right-sizing initiatives, analysing actual user activity to ensure SAP role designs align with genuine business requirements rather than historical access allocations. Across these engagements, a consistent pattern has emerged. While the Full User Equivalent (FUE) model is still relatively new for many organisations and requires time to mature, the most significant challenge is rarely technical. Rather, it is establishing clear ownership and accountability for FUE consumption and the processes required to manage it effectively. 


Responsibility for FUE consumption often falls between organisational boundaries. IT may view access ownership as a business responsibility, while business functions such as Sales, Production Planning and Warehousing are typically focused on operational outcomes rather than license consumption. Finance, meanwhile, owns the contract and bears the cost of the licenses, but is generally removed from the day-to-day access decisions that ultimately drive that cost. The result is that no single function has both the accountability and influence required to effectively manage FUE consumption. 

The consequence is that FUE consumption is often managed reactively rather than proactively. Access decisions are made every day, users are provisioned, roles are modified, and additional access is granted, yet the licensing impact of those decisions is rarely considered at the point they are made. Over time, this can lead to unnecessary FUE consumption, avoidable license costs, and a growing disconnect between actual business requirements and the SAP role design intended to support them. 

This is not a new problem — but FUE makes it harder to ignore 

Ownership challenges have always been the Achilles’ heel for SAP access risk management. Access risk is business risk, so business users should be accountable, but they rarely have the visibility or the incentive to engage. Due to the technical nature of SAP authorisations, the problem gets pushed back to IT, who lack the commercial mandate to enforce it. And when SAP access risk management fails, the consequence has historically been an audit finding: uncomfortable, but survivable. 

FUE management is different. Getting it wrong does not result in an audit finding or control deficiency; it results in a direct financial cost to the organisation. In our experience, the risk of unnecessary FUE consumption is far more immediate and far more likely to materialise than many of the risks organisations devote significant time and resources to managing. This makes FUE ownership difficult to defer and even more difficult to ignore, which is why organisations should give careful consideration to where accountability for FUE consumption resides. 

Shared responsibility — but with a clear owner 

Because SAP authorisations sit across technical, operational, and financial boundaries, no single function can carry FUE governance alone. But shared responsibility without a clear leader tends to mean nobody leads. Here is how the responsibility needs to be divided:

IT is responsible for the technical design of SAP roles and should adopt a “Licensing by Design” approach. This means designing roles with both business requirements and FUE implications in mind, ensuring that users can be assigned access that enables them to perform their job functions while avoiding unnecessary license consumption. When role design is performed effectively, the business can provision users with confidence that the access granted is both appropriate and cost-efficient. 

Non-Finance business users also need to play their part. They need to understand the cost impact of over-allocating access, assigning access beyond what users genuinely need. Business managers should treat FUE exposure the way they treat headcount or travel costs: as a real cost centre item with accountability attached. 

Finance should be the overarching FUE owner. Finance carries the commercial authority that IT and business lack individually. Assigning Finance as the FUE owner means assigning someone with the clout to set policy, define risk tolerance, and determine when additional FUE capacity is warranted. Not as the approver of every access request, that would be impractical, but as the function that sets the rules and holds the line. Where Finance takes genuine ownership, things tend to get done. 

For FUE governance to be effective, organisations must identify the points at which access decisions influence FUE consumption and ensure that these are addressed within their policies and procedures. Assigning ownership is necessary, but not sufficient. Without the supporting policies, processes, and controls to guide behaviour, FUE ownership becomes accountability in name only.

The mechanism that makes it work 

Assigning ownership is necessary, but it is not sufficient. For business managers and access owners to make commercially responsible access decisions, they must be able to understand the commercial consequences of those decisions. Historically, access approval workflows have focused almost exclusively on security and compliance considerations, such as segregation of duties and access risk. However, in an FUE-based licensing model, approvers should also be provided with visibility of the licensing impact associated with a proposed access change.

The conversation that needs to happen 

As organisations transition to SAP Cloud ERP, we continue to encounter IT teams that are unaware of the number of FUEs their organisation has contracted for. This disconnect creates a significant governance challenge. If IT is expected to design and administer SAP roles in a manner that aligns with the organisation’s FUE entitlement, it must be given visibility of the licensing model, consumption targets, and commercial objectives. Effective FUE management cannot occur when key stakeholders are operating with only a partial view of the picture.

FUE consumption is ultimately a financial metric, but it is driven by thousands of access decisions made across the organisation every year. Managing it effectively requires Finance, IT, SAP Security, and the business to participate in a shared governance process, not just during contract negotiations or annual renewals, but as part of ongoing access management and role design activities. 

If your organisation cannot clearly answer the question of who owns FUE consumption, then in practice nobody does. And when accountability is unclear, consumption tends to drift upwards until it becomes visible in the monthly licensing figures. 

Not sure who owns FUE in your organisation? 

Soterion works with IT, Finance, and business stakeholders to establish clear FUE governance from understanding your current consumption position to embedding FUE visibility into day-to-day access workflows. Contact us to start the conversation. 

You may find this interesting