SAP Licenses

Former Member · ‎11-19-2013

Dear Experts,

We 100% complied as far as SAP multiple logons(SAP Named Users) are concern. We have implemented 100% single signon logins in our firm. Now my we have some doubt about it. Pls read below scenario:

We have two marketing head in our firm. Both are using same login. One is using this login from 10:00 am to 02:00 pm and other one is using it from 02:00 pm to 06:00 pm. There are no multiple logons. Is it legal or not? Does any one has authorized document for it.

Regards,

Shaligram

Former Member · ‎11-19-2013

Hi Shaligram,

You can disable the multiple logon using parameter login/disable_multi_gui_login.

This should be good for sap license audit purpose.

Regards

Gajanand Gupta

Former Member · ‎11-19-2013

Dear Gajanand,

We have already implemented this for every user.

Now my point is :

"We have two marketing head in our firm. Both are using same login. One is using this login from 10:00 am to 02:00 pm and other one is using it from 02:00 pm to 06:00 pm. There are no multiple logons. Is it legal or not? "

"Does any one has authorized document for it."

Regards,

Shaligram

Former Member · ‎11-19-2013

Hi Shaligram,

As you have already disabled the multiple logon. then system will not allow to any user to logon into multiple sessions. and this should be legal and for sure you can check the table USR41_MLD.

Here you will find the Detail of per user multi -Logon detail.

The field 'Counter' tells you how many times the user have done a multiple logon

you can find documentations at https://service.sap.com/licenseauditing

Regards

Gajanand

Former Member · ‎11-19-2013

Ok. Let me ask you one more thing....

For Example, I have two users with name EMP1 and EMP2 and I have one SAP single signon login XY1.

Now EMP1 is using XY1 between 10:00 am to 01:00 pm and EMP2 is using XY1 between 02:00 pm to 06:00 pm.

Now in above scenario i have assigned XY1 login to EMP1 and EMP2.

So my question is , Can multiple employees allowed to use same login at different time? Is it legal?

Regards,

Shaligram

Former Member · ‎11-19-2013

Shaligram Dodia wrote:
So my question is , Can multiple employees allowed to use same login at different time? Is it legal?
Regards,
Shaligram

Hi,

That scenario does not comply with any SAP Licence agreement that I have reviewed.

Lots of them are different so I wouldn't rule out the possibility that someone has negotiated it before.

Former Member · ‎11-19-2013

Hi,

Besides license issues, I also think that the auditors are not a big fan of this solution. How can you tell who did what in your system if people are using the same account?

I would always recommend to give everybody a own user id.

Colleen · ‎11-20-2013

Is it legal or not?

You question is: are you compliance with your contractual obligations with SAP or not? Not have you broken a law.

Your next question should be what is the risk is having two people "own" or "use" the same Id?

As Mehta has mentioned, how are you going to prove who used that account? What happens if someone is accused of fraud or inappropriate conduct. How will you approve shift handover occurred? You are claiming the account belongs to two people. If not, one user is now sharing their password with another

From another point of view: What is your business requirement for using the same account? Did you have a license quota to adhere to, is it a business process issue (i.e. they approve same workflow). What was the reason for having an account used over multiple shifts?

Former Member · ‎11-20-2013

This account is only for viewing purpose. No entries are going to be happen through account. Both the managers will look after only reports. So we dont want to track any kind of logs for this account.

Regards,

Shaligram

Colleen · ‎11-20-2013

Hi Shaligram

Then why can't they have their own Ids?

License compliance implications aside, what happens if you expand scope of a system? What happens if one of them now requires change access? What if they have access to restricted and/or commercially sensitive information? What if scenarios can go on..

Again, what is the business justification for sharing accounts?

Former Member · ‎11-20-2013

Hi Shaligram,

Your mentioned scenario doesn't comply with the SAP standards at all. It does even raise the conflict. It would be better to have them provided with the separate credentials as per their user master records, otherwise the Audit will be the real issue.

Regards,

Ameet

Former Member · ‎11-20-2013

Hi Ameet,

Thanks for the info. Does SAP has any document related to this? If yes, can u provide me the link.

Regards,

Shaligram

Former Member · ‎11-20-2013

If you need SAP document, here you go: Licensing Guide

And the whole process & Guidelines available at: https://websmp201.sap-ag.de/licenseauditing

But you need to look at the EULA AGREEMENT between SAP and the customer to come to a conclusion.

I suggest you to get an official communication from SAP as its related to commercials: For that what you can do is raise a message to SAP in the component XX-SER-LAS .

Best Regards,

Rama

Former Member · ‎11-23-2013

Hi Dodia,

You can find a direct answer to your question from SAP here. Navigate to page 7 and it states:

- SAP gives express notice that the accessing of a system by more

than one person using one and the same named user constitutes

a breach.

- A named user’s password may be passed on to another person

only in exceptional cases (if, for example, the named user is

on vacation or is absent due to sickness, or if the employment

relationship with the named user has been terminated).

Hope this is answers your question.

Regards,

Pranaam

Former Member · ‎11-24-2013


if, for example, the named user is on vacation or is absent due to sickness

Woah! I had to go an ly down for a moment when I read that.

That is actually a major problem out in the wild. I had no idea is was acceptable from a licensing perspective. Holiday is not an exceptional situation though and with SSO there is no password anyway.

There are better solutions such as substitution management for this. No reason to break audit trails for who did what in the system.

Cheers,

Julius