Indirect Access is SAP's legacy named-user-based framework for charging access to SAP data from non-SAP systems. Digital Access is SAP's 2018 document-based replacement, priced at $0.08 to $0.55 per document. The two frameworks coexist. Digital Access does not retire Indirect Access for read-only and analytical access scenarios, which means a customer can owe both a Digital Access fee and a separate Indirect Access exposure on the same SAP estate. Most SAP customers misunderstand the boundary, and SAP's auditors use the ambiguity to drive 30 to 70 percent settlement uplift. This page compares the two frameworks line by line and identifies the scenarios where each applies, where they overlap, and where the read-only gap creates compliance risk Digital Access does not address.
Indirect Access: the legacy named-user framework
Indirect Access is the original SAP framework for non-direct usage. It traces to SAP's original named-user licence terms in the 1990s. Every human and non-human entity that accesses SAP data, whether through the SAP GUI or through any intermediating system, requires a named-user licence.
The Indirect Access trigger is data flow. If data originates in SAP and reaches a human consumer through any path, the path constitutes indirect access. Common Indirect Access scenarios:
- Salesforce reading SAP customer master data for opportunity context.
- Microsoft Dynamics reading SAP order history for service quoting.
- An e-commerce platform reading SAP inventory levels for product availability display.
- A BI tool extracting SAP financial data for executive dashboards.
- A supplier portal reading SAP purchase order status.
- An IoT platform reading or updating SAP material movements.
Each downstream consumer of SAP data needs an SAP named-user licence under the Indirect Access framework. A Salesforce instance with 2,000 sales users that reads SAP customer data needs 2,000 SAP named-user licences, at a list cost of $4,860 per Professional User per year, or $9,720,000 annually. That figure is the SAP audit settlement starting position.
Digital Access: the 2018 document model
SAP introduced Digital Access in April 2018 in response to customer outcry over Indirect Access settlements (notably the AB Diageo case in the UK High Court, where the court ruled in SAP's favour against Diageo's named-user position). Digital Access replaces named-user-based charging with document-based charging for five document types created in SAP via indirect channels:
| Document type | Definition | 2026 list per document |
|---|---|---|
| Sales Order | VBAK record created via integration | $0.35 to $0.55 |
| Purchase Order | EKKO record created via integration | $0.35 to $0.55 |
| Service Order | AUFK record (service type) created via integration | $0.35 to $0.55 |
| Production Order | AUFK record (production type) created via integration | $0.35 to $0.55 |
| Goods Movement (Material Document) | MKPF record created via integration | $0.35 to $0.55 |
The list rate scales down with volume to $0.08 per document at 50M+ documents per year. See SAP Digital Access Pricing 2026 for the full volume tier table and negotiated bands.
The boundary between the two frameworks
Digital Access covers write operations that create one of the five document types via integration. Indirect Access covers everything else, including:
- Read-only access to SAP data from any non-SAP system.
- Analytical extraction (data warehouse, BI, reporting tools).
- Master data synchronisation from SAP to non-SAP systems.
- Update operations on existing SAP records that do not create new documents.
- Document types outside the Digital Access five (Goods Receipt without movement, Quality Notification, Customer Master changes).
The boundary creates the dual-exposure scenario. A customer with both an e-commerce platform creating Sales Orders in SAP (Digital Access) and a Salesforce instance reading customer master data from SAP (Indirect Access) owes both: a Digital Access volume charge for the Sales Orders, and a separate Indirect Access named-user exposure for the Salesforce population.
| Scenario | Framework | Charged on |
|---|---|---|
| E-commerce platform creates Sales Orders in SAP | Digital Access | Per Sales Order document |
| Salesforce reads SAP customer master | Indirect Access | Per Salesforce user as SAP named user |
| BI tool extracts SAP financial data nightly | Indirect Access | Per BI user as SAP named user |
| Supplier portal reads SAP PO status (no write) | Indirect Access | Per supplier portal user |
| IoT platform creates Goods Movement records | Digital Access | Per Goods Movement document |
| HR system updates SAP employee master | Indirect Access (no new document) | Per HR system user |
The read-only gap Digital Access does not cover
The single most important commercial fact about Digital Access is that it does not cover read-only access. A customer who signs a Digital Access agreement believing it resolves all indirect SAP exposure is wrong. SAP retains the right to pursue Indirect Access claims for read-only and analytical access scenarios, even after a Digital Access agreement is signed.
The read-only gap is the most common audit finding in 2024 to 2026 SAP audits. Customers who converted to Digital Access in 2019 to 2022 are now being audited for read-only Indirect Access exposure that was never resolved.
Read-only principle: a Digital Access agreement must include explicit contractual language waiving SAP's right to pursue Indirect Access claims for read-only access scenarios in the customer estate. Without the waiver, the customer is exposed twice. Negotiating this waiver is the single highest-impact commercial term in a Digital Access conversion.
DAD program: when conversion makes sense
SAP's Digital Access Adoption (DAD) program offers a 90 percent first-year discount on Digital Access pricing for customers who convert legacy Indirect Access exposure to Digital Access. The DAD program is attractive on first read and carries three commercial considerations.
First, DAD requires audit acceptance. The customer accepts SAP's measurement of historical Indirect Access exposure as part of the program. The acceptance closes the legacy question but anchors the future Digital Access commitment at SAP's measurement.
Second, DAD applies only to year one. Subsequent years revert to negotiated Digital Access pricing against the locked volume commitment.
Third, DAD requires a long-term commit (typically five years). Exiting before term triggers a true-up at full list rate, eliminating the DAD discount retroactively.
DAD is the right answer when: the customer has unresolvable legacy Indirect Access exposure (existing audit claim, undocumented historical access pattern), the customer's actual Digital Access volume forecast is within 20 percent of SAP's proposed volume, and the customer is committed to remaining a major SAP customer for the full term. Outside those conditions, an independently modelled Digital Access agreement plus a separate Indirect Access waiver delivers better long-term economics.
Cost comparison: legacy versus Digital Access for the same estate
A worked example for a Fortune 500 manufacturer with mixed indirect access:
| Indirect channel | Annual volume | Indirect Access exposure (list) | Digital Access exposure (list) |
|---|---|---|---|
| E-commerce (creates 2.4M Sales Orders) | 2.4M documents | 3,500 customer-facing users at $4,860 = $17M | 2.4M docs at $0.38 = $912,000 |
| EDI from suppliers (creates 4M Purchase Orders) | 4M documents | 800 supplier users at $4,860 = $3.9M | 4M docs at $0.35 = $1.4M |
| Salesforce reading customer master (read-only) | N/A | 2,000 Salesforce users at $4,860 = $9.7M | Not covered. Still owed. |
| Tableau BI extraction (read-only) | N/A | 180 Tableau users at $4,860 = $875K | Not covered. Still owed. |
| Total Indirect Access list | $31.5M | ||
| Total Digital Access list (writes only) | $2.3M | ||
| Remaining Indirect Access exposure (reads) | $10.6M |
Digital Access reduces the list exposure on document-creating channels by 90 to 95 percent. The read-only Indirect Access exposure remains. The combined cost of Digital Access plus the Indirect Access waiver, fully negotiated, lands at $1.4M to $2.2M per year, compared to a list Indirect Access exposure of $31.5M.
Decision framework: which approach for which customer
The decision is structured by two variables: the customer's indirect access volume pattern and the customer's appetite for litigation risk on legacy Indirect Access exposure.
| Customer pattern | Recommended path |
|---|---|
| Heavy document creation through integrations, minimal read-only indirect access | Digital Access agreement, negotiated against right-sized volume. No DAD. |
| Mixed write and read indirect access, existing audit exposure | DAD program with explicit read-only waiver, or Digital Access plus separately negotiated Indirect Access settlement. |
| Predominantly read-only indirect access (BI, reporting, analytical) | Indirect Access framework remains. Negotiate named-user counts down to actual unique consumers, not provisioned accounts. |
| No current Indirect Access exposure but planning new integrations | Digital Access framework for new write integrations. Indirect Access for new read integrations. Negotiate proactively before the audit. |
| Major SAP estate planning RISE conversion | Roll indirect access into RISE FUE pricing, negotiated as part of RISE commercial terms. See RISE Negotiation. |
Indirect access in active SAP audit
The audit response framework differs by which framework is being asserted. SAP auditors will assert both, in sequence, to maximise settlement value:
Phase 1: Indirect Access claim. SAP submits an initial claim against the customer's full indirect-access estate using the named-user framework. The claim is typically $15M to $80M for a Fortune 500 customer.
Phase 2: Digital Access "settlement offer". SAP offers Digital Access conversion at DAD pricing as a "settlement" alternative. The DAD offer is anchored to SAP's measurement of historical exposure, not the customer's independently modelled exposure.
Phase 3: Customer counter-position. The customer's audit-defence advisor produces independent modelling of both write-volume (Digital Access defensible position) and read-only access (Indirect Access negotiable position with named-user count corrections). The combined counter-position is typically 30 to 70 percent below SAP's claim.
For active audit-response strategy, see SAP Audit Defence and the broader Audit Defence Guide.
The two frameworks coexist, plan for both
Digital Access is not a replacement for Indirect Access. It is a document-based alternative for write-creating indirect access scenarios. Read-only and analytical access remain governed by Indirect Access. A complete commercial position addresses both: a Digital Access agreement for document-creating integrations, and an explicit Indirect Access waiver or right-sized named-user position for read-only access.
Key contract clauses to negotiate
Six contract clauses materially affect the long-term cost and risk position of a Digital Access agreement. Each clause should be explicit and customer-favourable:
Read-only access waiver. Explicit language waiving SAP's right to pursue Indirect Access claims for read-only and analytical access scenarios in the customer estate. Without this clause, the customer remains exposed to Indirect Access claims even after a Digital Access agreement is signed.
Volume true-down right. Right to reduce committed Digital Access volume at contract anniversary if actual consumption is materially below committed. Standard contract does not include this. Negotiated contracts include it at 70 percent threshold or below.
Overage cap. Cap on overage charges as a percentage of annual committed value, typically 10 to 15 percent before contract amendment is required. Uncapped overage is the standard contract position and creates unbudgeted exposure.
Volume carry-forward. Unused committed volume rolls forward 12 months instead of forfeiting at year-end. Granted in 25 to 35 percent of enterprise negotiations.
Historical exposure waiver. Explicit closure of all pre-agreement Indirect Access claims. SAP retains the right to pursue legacy claims unless the waiver is explicit. The waiver should reference both Indirect and Digital Access exposure.
Audit acceptance limitation. Limitation on SAP's audit rights to specific document types and specific systems, with audit notice requirements and limited frequency (typically once per 24 months). Standard contract allows broad annual audit; negotiated contracts limit scope and frequency.
For the broader SAP licensing framework, see the SAP Licensing Complete Guide. For the document-pricing detail, see SAP Digital Access Pricing 2026. For named-user-type pricing relevant to Indirect Access settlements, see SAP User Types Compared. For broader audit defence, see SAP Audit Defence, and for SAP vendor positioning see SAP vendor intelligence. To engage on a current Indirect or Digital Access exposure review, see Vendor Audit Defence.