A bunch of reasons leads our customers to choose a low-code platform like OutSystems on top of their SAP landscape.
Does this sound too good to be true? Well, it isn’t! But nevertheless, there are some issues that should be carefully considered. One of them is how to deal with SAP’s license model which these pages are about.
It almost sounds too good to be true, Connect, Search and use SAP Services in OutSystems. Is it really this simple. Of course, nothing is ever as simple in the IT world. From a technical perspective using a BAPI (Business Application Programming Interface is easy enough. But when you do apart from technical and functional SAP knowhow there are some subjects that need thorough observation. One of them being the license of SAP.
SAP is renowned for its unclarity on licensing models, however, with the new licensing they try to set foot in the new IT reality where AI, IoT, Robtized processes and Mobile apps force SAP to rethink the ERP core licensing strategy.
How does this new licensing model impact companies that run low-code platforms on top of SAP?
On these pages, we are trying to give you a digest of the implications. To read the full digest visit the SAP OutSystems LinkedIn group or contact B-Synergy for a license & security audit
The definition of Indirect access according to SAP is when people or things use and exchange data of the Digital Core without directly logging into the system. This could be the case if you use OutSystems on top of your SAP landscape and if that use is not an indirect static use, which generally will be the case.
Where in the past a user license was applicable on SAP-OutSystems scenario's, now the outcome-based license is needed to be compliant with the latest SAP rules.
The Outcome-Based License SAP is counting the amount of 9 document types that are initially created via indirect access.
SAP Offers a Note for SAP ECC that tells you the score of relevant counted documents. To prepare and start discussing with SAP or your SAP Partner B-Synergy has built an independent licence checker running on OutSystems. This Solution is offered both as-a-service as well as installed on your OutSystems Environment.
The license covers the total amount of documents created within one year times the multiplier and document price. Only the initially created document counts; no additional costs will be charged for reads, updates, deletes or creation of the additional documents automatically generated in the system when the first document is created.
Nothing changed with documents created by named users directly into the digital core; still, the user license is applicable. Therefore, in order to avoid any over-licensing, you should know exactly how your applications are being used internally.
Indirect Access could become a massively unpredictable cost factor. Make sure that you know your IT-Landscape in detail. An architectural diagram that includes details on data flow could help to understand where and how you are connected to SAP.
Make sure how is the authentication & authorisation process Implemented. Even large customers are still running Insecure SAP-OutSystems Integrations. Although architects or managers often claim they have everything under control, there is enough concrete evidence that most SAP customers running OutSystems on top of SAP ECC or S/4HANA did not implement any security at all. This situation is leaving your SAP fully open for attacks.
When you are uncertain if your SAP OutSystems Integration is secure, you can ask B-Synergy to do a 1 day SAP OutSystems security audit.
Many companies still integrate through an SAP system user, not only will that result in lacking traceability and make your SAP system hard to audit, but it is also a security risk.
The best way to mitigate these risks is to have a fully implemented Principal Propagation mechanism in place. B-Synergy can help you set up your principal propagation, but also give some advice on how to reduce the risk of developers making mistakes that will compromise not only your SAP system but your company as a whole!