S/4 HANA Licence Optimisation

S/4HANA User Licence Optimisation:
Eliminating the “Role Creep” Liability

A Technical 2026 Guide for UK Enterprises Navigating the Shift from Legacy Named Users to the FUE Model.

The Death of Manual User Classification

For two decades, SAP licensing was a “manual” game. In the legacy ECC 6.0 world, the responsibility for classifying users sat squarely with the Basis team or the SAP Security lead. You decided who was a “Professional User,” who was a “Limited Professional,” and who was an “Employee.” This was often done based on job titles or a gut-feel of what a person did in the system. While it was inefficient, it gave organisations a sense of control; you could manually move a user to a cheaper licence type to save money before the annual audit.

As we move into 2026, that manual control has evaporated. With the shift to S/4HANA and RISE with SAP, the licensing paradigm has fundamentally changed. SAP has replaced the old user types with the Full Usage Equivalent (FUE) model. No longer is it about what you *decide* to call a user; it is about what that user has access to do within the system. Telemetry now trumps manual intent.

SAP User Licence Evolution

The move to S/4HANA represents a “Licensing Reset.” SAP’s automated auditing tools now scan the actual Authorisations assigned to a user profile. If a user has the “Access” to perform a Professional task—even if they haven’t touched that transaction in five years—SAP’s telemetry will classify them at the highest, most expensive tier. This shift from “Usage-based” to “Access-based” licensing is the single biggest financial shock facing UK enterprises today.

While we have discussed the separate liability of Digital Access, the human user cost remains the core driver of the SAP bill. For a global organisation, failing to understand the difference between these two models can lead to a “Blank Cheque” scenario during an S/4HANA migration.

45%Avg. Over-Licensing due to Access Bloat
1:1FUE Ratio for Advanced Users
£3.5k+Typical Cost per Advanced User

The “Big Shock”: Role Creep Meets Telemetry

Why do most UK companies experience a massive price hike when they switch to S/4HANA or RISE? The answer lies in Role Creep. Over 10, 15, or 20 years of running SAP ECC, user roles have become bloated. When a new person joins a department, it is common practice to “copy the profile” of an existing colleague. This colleague, in turn, had their profile copied from someone else five years prior.

This creates a “Snowball Effect” of permissions. A Junior Accountant might technically have the authorisation to perform high-level Treasury functions or modify system configurations simply because their role was inherited from a senior predecessor. In the old world, you simply ignored this and classified them as a “Light User” on your spreadsheet. In the S/4HANA world, the telemetry sees those Treasury permissions and automatically bills you for a “Professional” (or “Advanced”) licence.

SAP Role Creep Analysis
“Transitioning to S/4HANA with legacy roles is like moving into a high-tech smart home while still carrying every single key you’ve ever owned. SAP will charge you for every room you *could* enter, not just the ones you actually inhabit.”

Decoupling Authorisation from Liability

The core of the problem is that SAP’s new model penalises Potential rather than Performance. This is why “Role Redesign” is no longer just a security task; it is a financial imperative. To optimise your SAP estate in 2026, you must decouple what a user *can* do from what they *must* do. This requires a level of granularity that human eyes simply cannot achieve.

Consider the “Advanced” vs. “Core” user tiers in S/4HANA. An Advanced user costs significantly more than a Core user. Often, the difference between the two is just a handful of sensitive transactions (T-codes) that the user hasn’t accessed in years. Without high-end tooling to identify these “dormant permissions,” you are effectively paying a premium for a service that isn’t being utilised. This is “Licence Waste” at its most profound level.

This is where many UK organisations feel the “Big Shock.” They sign an S/4HANA contract based on their current user counts, only for the first automated audit to reveal that 60% of their “Light Users” are technically “Advanced” due to role bloat. The result? A mid-migration bill for millions of pounds in “True-Up” fees that were never factored into the business case.

Why Manual Spreadsheets Cannot Solve the Crisis

Faced with this risk, many procurement teams reach for their trusty spreadsheets. They attempt to manually map every user to a new FUE type. This approach is doomed to fail for three reasons: Scope, Dynamics, and Defence.

Scope: An average enterprise has thousands of users and tens of thousands of authorisation objects. Manually checking which specific object triggers an “Advanced” licence upgrade is a task that would take a Basis team months, by which time the data is already out of date.

Dynamics: Roles change. People move departments. “Emergency Access” is granted and never revoked. A spreadsheet is a static snapshot of a dynamic problem. You need a “Heartbeat” view of your licence posture that updates as your organisation moves.

Defence: When SAP’s GLAC (Global Licence Audit and Compliance) team presents their telemetry-based findings, they don’t accept “we didn’t mean to give them that access” as a defence. You need a tool that provides a **Technical Counter-Audit**—a way to prove exactly where roles are bloated and how they have been remediated before the bill is finalised.

Automated SAP Audit Defence

The Path to Optimisation: A 3-Step Framework

To avoid the “Big Shock” and secure a sustainable licence posture, UK enterprises must adopt an automated, data-driven approach:

  • 1. Usage vs. Authorisation Analysis: Use high-end tooling to compare what users *actually do* against what they *can do*. This identifies the specific transactions that are pushing users into more expensive tiers.
  • 2. Automated Role Pruning: Instead of manual redesigns, use tools to automatically strip away unused, high-cost authorisations. This “shrinks” the licence profile without impacting business operations.
  • 3. Continuous Compliance: Establish a “Clean Core” governance model where licence impact is checked *before* a new role is assigned. This prevents Role Creep from returning.

Conclusion: Strategic Governance is the New ROI

In the 2026 SAP landscape, the organisations that thrive are those that treat licensing as a technical architecture problem, not a procurement negotiation. The shift to S/4HANA and RISE is an opportunity to shed 20 years of legacy bloat and move to a lean, transparent, and predictable licensing model. However, this transition cannot be achieved through willpower alone. It requires the precision of high-end optimisation tooling.

Investing in the right tooling is the difference between a successful digital transformation and a project stalled by unbudgeted compliance costs. By gaining total visibility into your user authorisations and proactively managing Role Creep, you move from a position of “Audit Fear” to a position of “Strategic Control.” Your SAP estate becomes a predictable engine for growth, rather than a hidden liability waiting to be triggered by an automated telemetry scan.

The “Big Shock” is avoidable, but only for those who act before the migration begins. The time to clean your house is before you move, not after you’ve been handed the bill for the extra rooms you didn’t know you had.

Speak to an SAP Licensing Expert

Don’t navigate the S/4HANA migration or a GLAC audit in the dark. Contact our UK-based team for a confidential review of your licence exposure.

Email: info@tangotec.co.uk | Call: 01905 621108

Or leave your details below and a senior architect will be in touch:

We’ll never send you spam or share your email address.
Find out more in our Privacy Policy.