A possible approach to the existing problem could for example be as follows: Start by tracing RFC connections to identify potential third-party applications. It is equally important, however, to gather information about applications that, for example, communicate via IDoc interfaces, IP-Sec connections, HTTP, CHC, SNA, TCP / IP, OSS or other communication paths. If the systems that are potentially affected by indirect use have been identified, they should be classified and appropriately prioritized based on the expected monetary risk.
The next step is to collect detailed information on the prioritized systems and their associated SAP users, and outline the infrastructure diagrams for setting the starting point for an accurate assessment. The use of external applications should also be identified. For this purpose, a check of usage and access authorizations outside SAP may be necessary.
Subsequently, all identified scenarios are evaluated individually, as well as evaluated as to whether technical measures can minimize or even eliminate the risk.
Once you have arrived at the end and have identified the most cost-efficient licensing variant (or technical solution for risk mitigation), existing scenarios are sensibly combined into overlapping use cases in order to avoid cost-inefficient purchase of multiple-usage entitlements for a unique user.
For those users who are actually affected by the necessity of acquiring new licenses, we recommend that you investigate the latest functionalities within the SAP environment that have been accessed by each relevant individual. A match against the corresponding price and conditions list (PCL) results in the identification of the most cost-effective cover variant(s) and leads to the long-awaited transparency and lasting risk minimization.