The Two Reasons Organisations Overpay for FUEs in 𝗦𝗔𝗣 𝗖𝗹𝗼𝘂𝗱 𝗘𝗥𝗣 𝗣𝗿𝗶𝘃𝗮𝘁𝗲 (RISE with SAP) — And How to Avoid It
As SAP accelerates the transition to SAP Cloud ERP Private (formerly known as RISE with SAP), many organisations are weighing up the financial impact of moving to this new subscription-based model. RISE offers compelling benefits—simplified operations, cloud scalability, and a single SLA—but one critical factor often stalls the business case: licensing costs.
For many organisations, the projected cost of SAP under an SAP Cloud ERP Private contract appears prohibitively high. But in most cases, this isn’t because SAP Cloud ERP Private is inherently expensive. It’s because the organisation’s current SAP role design is not optimised for licensing, and as a result, they’re overpaying for Full Use Equivalents (FUEs).
The Hidden Cost: Inappropriate Role Design
The STAR licensing model introduced under RISE classifies users based on what they can do (authorisation assigned), not what they actually do. That means if even one high-tier authorisation is assigned, the user is counted at that higher User License category—regardless of whether they ever use that access.
The result? Organisations are unknowingly overstating their FUE requirements due to poor role design. This often makes the RISE business case appear unviable when, in reality, it’s the licensing exposure that’s inflated—not the value of the offering.
The Solution: Licensing by Design
To unlock the full value of RISE and avoid unnecessary costs, organisations must adopt a “licensing by design” approach to SAP role management. This means actively designing roles that are:
- Aligned to business requirements
- Minimised in access scope
- Clean from unused authorisations that inflate FUE counts
When done right, this approach can significantly reduce FUE requirements—turning the RISE business case from marginal to compelling.
Two Challenges Standing in Your Way
1. Expertise & Skillset
Historically, SAP security professionals focused on two primary dimensions:
- Transaction-level access (Tcodes, Fiori apps)
- Organisational level control (e.g., company code, plant)
Now, there’s a third layer: licensing impact. This significantly complicates role design. SAP authorisation resources now need to understand not only how access affects security and compliance, but also how it affects licensing costs.
There is a direct correlation between the expertise of your SAP security team and the number of FUEs your organisation ultimately pays for.
If the design team lacks this expertise, even well-intentioned projects can result in over-licensed, over-classified users—and ongoing financial waste.
2. Preparation Time
Role optimisation isn’t something you can fix overnight. Organisations need to plan well in advance of their RISE migration. There are typically two paths:
Option 1: SAP Role Clean-Up
A tactical approach to remove unused access and slightly adjust roles.
- ✅ Pros: Lower cost, minimal business disruption
- ❌ Cons: Limited impact on licensing, as structural issues often remain
Option 2: SAP Role Redesign
A full rebuild of your SAP roles from the ground up, with licensing efficiency in mind.
- ✅ Pros: Stronger long-term results, fewer FUEs
- ❌ Cons: Longer timeline, higher effort, more user testing, and adjustment
The more preparation time you allow yourself, the more FUEs you can potentially avoid.
Conclusion: Start Now for 2026
If SAP Cloud ERP Private is on your roadmap for 2026, the time to act is now. The organisations that succeed in building a strong financial case for RISE are those that:
Organisations should adopt a risk- and cost-informed approach to role design that factors in both operational efficiency and financial impact:
• Start with a licensing assessment
• Understand their current FUE exposure
• Know their optimisation options (and the time each takes)
Soterion’s SAP License Manager provides the tools and insights to assess, optimise, and monitor your SAP user licensing—at every stage of your S/4HANA journey.
Ready to take control of your FUE exposure?
Book a licensing assessment today and position your organisation to license with confidence by emailing us at [email protected]
Who is Soterion?
Soterion specialise in SAP security and License management, offering both market-leading technology and deep advisory expertise. With a proven track record in delivering robust, scalable, and easy-to-administer SAP authorisation solutions, we understand the practical challenges organisations face in managing access, compliance, and governance.
We pride ourselves on designing solutions that are not only technically sound but also intuitive and low in support overhead—ensuring ease of administration for IT teams and usability for business stakeholders. Our focus is on removing complexity and empowering business users to take ownership of their access risk management activities with confidence and clarity.
Soterion’s access control solution can be used very effectively during project phases to provide data-driven insights, simulate role designs, and validate access risk. This enables us to deliver audit-ready solutions that align with broader business objectives, including data privacy (privacy by design), licence optimisation (licensing by design), and scalable governance frameworks that support organisational growth.
