The case for dormant-user cleanup

Dormant users are the largest single source of recoverable licence value in most SAP estates. A user who has not logged in within the last ninety days is, by every operational definition, not consuming the system. Yet under USMM the user is counted, classified at the entitlement band assigned to them at activation, and included in the licence position SAP measures against the contract. The cleanup is procedurally straightforward, requires no contract renegotiation, and produces both immediate measurement relief and a sustainable baseline against which future requirements can be planned. This article sets out the identification logic, the deactivation sequence, the operational safeguards, and the audit documentation that converts cleanup activity into a defensible reclassification at the next measurement. The full programme structure is set out in our license optimisation service.

What counts as dormant

The definition matters because audit teams will challenge any inconsistent application. A defensible dormant-user definition has three components. First, an absence of login activity for a specified period — ninety days is the most common threshold and is consistent with SAP’s own informal guidance, though some estates use sixty days for active cleanup and one hundred and twenty for archive. Second, an absence of background activity attributed to the user — batch jobs scheduled by the user, workflows assigned to the user, or RFC calls performed under the user’s credentials. Third, a confirmation that the user has not been deliberately retained dormant for a specific business reason — for example, a user in a long absence, a user retained for compliance archive access, or a user reserved for a planned reactivation.

The three components together produce a working definition that survives audit challenge. A definition based on login activity alone is rebuttable on background-activity grounds. A definition that does not document the deliberate-retention exceptions is rebuttable on completeness grounds. The combined definition is the reference for the cleanup register.

The identification sequence

The identification sequence pulls three data streams against the user master. The first is SU01 login data, providing the last-login timestamp for each user. The second is the SM37 background-job inventory, providing the user attribution for every active batch job. The third is the SOST workflow log, providing the workflow assignment for each user. The three streams reconcile against the user master through the user identifier, producing a per-user activity record across the rolling window. Users with no activity across all three streams are the dormant-user candidate list.

The two-tier candidate list

The candidate list separates into two tiers. The first tier is the unambiguously dormant population — no login, no background activity, no workflow assignment, no business-confirmed retention reason. The first tier is the immediate cleanup target and typically represents ten to fourteen per cent of the named-user population. The second tier is the partially dormant population — some activity but below the threshold typical of an active user. The second tier requires individual review, frequently produces reclassification rather than deactivation, and represents an additional five to eight per cent of the population.

The deactivation mechanics

Deactivation does not delete the user record. It removes the user from the active classification population while retaining the record for audit reference. The mechanics use SU01 to lock the user, set the validity date to the cleanup date, and remove all role-collection assignments. The user record persists with a clear deactivation timestamp and an audit trail. USMM will not count a locked user with no active role-collection assignments, and the licence quantity is released at the next measurement.

The deactivation does not affect the user’s ability to be reactivated. A reactivation is a reverse procedure that restores the role-collection assignment and unlocks the user. The reactivation rate observed in our practice is below three per cent of the deactivated population in the twelve months following cleanup. The dormancy diagnosis is generally correct.

The operational safeguards

The cleanup programme has three operational safeguards that protect against accidental disruption. The first is a confirmation cycle — the candidate list is circulated to the business owner of each functional area before deactivation, with a defined response window and an escalation path. The second is a deactivation freeze during critical business periods — year-end close, quarter close, audit windows. The third is a rollback path — the cleanup record is structured to support same-day reactivation in the rare event of an unanticipated requirement.

The audit documentation standard

The dormant-user cleanup produces the largest single line item in most override registers. Audit teams will scrutinise the line item disproportionately. The documentation standard that survives scrutiny includes, for every deactivated user, the user identifier, the last-login timestamp, the background-activity confirmation, the workflow-assignment confirmation, the business-owner sign-off reference, the deactivation timestamp, and the role-collection-removal reference. The standard is rigid because the audit team will probe for procedural gaps before they engage on substance. A consistent documentation pattern across the deactivated population removes the procedural attack surface. See the USMM preparation playbook for the broader documentation context.

The quarterly cadence

Cleanup is sustainable only as a quarterly cadence. An annual cleanup recovers the accumulated dormancy in one large pass and produces a register the audit team will challenge for completeness. A quarterly cadence produces a steady stream of smaller registers that hold the baseline current and that produce shorter, more defensible documentation. The quarterly review captures the dormancy that accumulates from organisational change, project completion, and natural turnover. The annual measurement preparation reduces to a refresh of the existing register rather than a from-scratch identification exercise. The license optimisation topic page sets out the cadence calendar by estate size.

What S/4HANA changes

The S/4HANA FUE model amplifies the recovered value from cleanup because the FUE consumption per user is higher for the Professional-equivalent bands. A dormant Professional user under FUE consumes one FUE that translates directly into the renewal-period subscription cost. The cleanup arithmetic in a RISE or GROW environment is approximately forty per cent more valuable per user than in the classical named-user environment, because the FUE is the contracting unit and the FUE consumption is the cost driver. The S/4HANA migration compliance pillar covers the FUE conversion mechanics.

The realistic recovery range

Across our 500+ engagements the recovered licence value from dormant-user cleanup ranges from twelve to twenty-two per cent of the named-user position. The range narrows in estates that have run prior cleanup cycles, where the recovered value typically falls to between four and seven per cent annually. The first cleanup cycle produces the largest single recovery. The subsequent cycles produce a steady-state cadence of smaller recoveries that holds the baseline current. The license optimization field guide sets out the recovery range by industry vertical and the manufacturing reclassification case file documents a representative twelve-month programme.

Where to start

If your next USMM submission is within the next two quarters, dormant-user cleanup is the activity with the highest measurable return per hour invested. Our license optimisation service brief covers the typical timeline and the documentation standard.