SAP FUE Optimisation: The STAR Rule Set’s Surprising Leniency
With the introduction of SAP Cloud ERP Private (formerly RISE with SAP), SAP now measures an organisation’s Full Use Equivalent (FUE) consumption by analysing the authorisations assigned to each user. This STAR measurement process evaluates access against a pre-defined STAR rule set.
SAP has released several iterations of this rule set. In some cases, the rules have become more favourable for SAP Cloud ERP Private customers; in others, they have become stricter, resulting in higher FUE consumption. However, as things stand today with rule set version 1.69, we believe the rule set is highly lenient.
What do we mean by this?
Consider a basic example. The table below shows the relevant authorisation field values for F_BKPF_BUK, one of the primary authorisation objects controlling Finance transaction codes and Fiori services.
Many of the commonly used ACTVT (Activity) values — such as:
- 01 – Create
- 02 – Change
- 03 – Display
- 10 – Post
- 77 – Pre-enter
— have all been classified by SAP as Self-Service.
Conversely, the less frequently used ACTVT values — such as:
- 22 – Enter
- 43 – Release
- C4 – Close Out
— are classified as Advanced.
The implication is that most Finance users posting journals via transaction codes such as FB01 and other FI posting transactions will fall into the Self-Service category, with only a small subset of users requiring Advanced activities.
This contrasts sharply with SAP ECC, where the vast majority of organisations would have classified anyone performing FI posting activities as Full Professional.
So where is the real problem?
Based on the current rule set, the STAR framework is very lenient. The real challenge is that most organisations’ SAP role designs were not created with licensing in mind. As a result, roles often contain unnecessary Advanced activities, inflating the organisation’s FUE consumption.
Where organisations are paying for significantly more FUEs than required, this is often a consequence of unsuitable role design, rather than the severity of the STAR rule set itself.
What does this mean for organisations?
For organisations willing to invest in aligning user access with actual usage — a “licensing by design” approach — the potential reduction in FUEs can be significant. In many cases, organisations may discover that their subscribed FUE count is driven more by infrastructure sizing than by genuine user-access requirements.
Over time, as more organisations refine and streamline their role designs, it is reasonable to expect the STAR rule set to become stricter. Should this happen, later adopters of SAP Cloud ERP Private may need to dedicate greater effort to optimising their role design or risk being forced to subscribe to a higher FUE count.
How Soterion Can Help
FUE Assessment
Soterion can perform a comprehensive FUE assessment that compares your current consumed FUE count — based on your existing SAP role design — with the best-case scenario FUE requirement derived from actual user-usage statistics. This assessment is suitable for organisations still on SAP ECC and evaluating a move to SAP Cloud ERP Private, as well as for those already on RISE and looking to optimise their subscription.
Business-as-Usual Optimisation
Soterion’s What-If Simulator not only identifies the SAP access-risk implications of each proposed role or access change before it is applied in SAP, but also shows the FUE impact of that change. This proactive approach enables organisations to maintain license compliance throughout their RISE subscription and avoid any mid-term FUE true-up costs.
If you have any questions or would like to see a demo, feel free to reach out to us by emailing [email protected]
