The Silent Cost of SAP Licensing: Why Role Design Matters More Than Ever

August 22, 2025 By Soterion

As organisations move to SAP S/4HANA and SAP Cloud ERP Private (formerly RISE with SAP), licensing has emerged as a major cost consideration—often undermining the business case for cloud transformation. But the real issue isn’t the cost of SAP itself. It’s the hidden cost of how your SAP roles are designed.

Under SAP’s STAR licensing model, user classifications—and therefore license costs—are determined not by what users actually do, but by the authorisations they’re assigned. Even if a user never touches an advanced function, the simple fact that it’s in their role pushes them into a higher Full Use Equivalent (FUE) category.

This is where role design becomes a financial risk. Most legacy role designs were built with operational or compliance goals in mind—not licensing efficiency. As a result, organisations often overstate their FUE needs before even signing an SAP Cloud ERP Private (RISE) contract. Worse still, once that baseline is set, it’s locked in for the duration of the subscription.

The Role Design Trap

Three things commonly go wrong:

Overclassified Users – Users receive access they don’t need, placing them in higher license tiers.
License Creep – Minor changes to widely used roles can trigger FUE increases across hundreds of users.
No Usage Validation – Without measuring what users actually use, there’s no feedback loop to optimise roles

These problems are often invisible—until your next monthly STAR measurement (or annual for on-premise customers). By then, it’s too late to unwind inflated commitments.

A Smarter Approach: Licensing by Design

Instead of treating licensing as an afterthought, organisations must embed licensing logic into their role design strategy. This means:

Aligning roles tightly to actual business requirements
Removing unused access to avoid unnecessary classification
Continuously monitoring FUE-impacting changes

Soterion’s SAP License Manager enables this approach by analysing three critical data points:

FUE count based on current role design
Clean-up potential to reduce over-assignment
Best-case FUE count based on actual system usage

These insights can be used to plan migrations, optimise licensing, and strengthen your negotiating position with SAP.

Time Is Your Biggest Advantage

Whether you’re planning a move to SAP Cloud ERP Private (RISE) or are already there, timing matters. The earlier you assess and clean up your roles, the more control you have over your licensing future. Conversely, delaying optimisation means accepting inflated costs for the duration of your contract

There is a tendency to over-assign access in SAP. By defining an access risk tolerance KPI, organisations can measure the gap between potential access risks introduced by role design and the actual risks based on real user activity—enabling more informed and targeted remediation.

Conclusion

Role design is no longer just about compliance—it’s a financial control. Organisations that adopt “licensing by design” can turn SAP licensing into a strategic advantage—those who don’t risk paying more than they need to, year after year.

Interested in optimising your SAP licensing?

Contact Soterion today for a personalised SAP License Assessment and find out your best-case licensing scenario.

More about Soterion

We don’t just talk about security; we deliver robust, scalable, and easy-to-administer SAP authorisation solutions. We understand the practical challenges organisations face in managing access, compliance, and governance, and our proven track record shows we know how to solve them.

Our pride lies in designing solutions that aren’t just technically sound, but also intuitive and low-maintenance. This ensures that our solutions are easy for IT teams to administer and straightforward for business stakeholders to use. By removing complexity, we empower business users to take ownership of their access risk management with confidence and clarity.

During project phases, our access control solution can be used to provide data-driven insights, simulate role designs, and validate access risks. This enables us to deliver audit-ready solutions that align with broader business objectives, including data privacy, license optimisation, and scalable governance frameworks that support organisational growth.

If you have any questions or would like to see a demo, feel free to reach out to us by emailing [email protected]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The Silent Cost of SAP Licensing: Why Role Design Matters More Than Ever

You may find this interesting

Type [To] Search

The Silent Cost of SAP Licensing: Why Role Design Matters More Than Ever

You may find this interesting

The Silent Cost of SAP Licensing: Why Role Design Matters More Than Ever

DSAG Jahreskongress Conference – 16 to 18 September 2025

What is your Organisation’s SAP User License Tolerance Level?

Type [To] Search