This document describes how ZMCP is positioned with respect to the SAP API Policy v.4.2026a. It is intended for customer security and procurement teams evaluating ZMCP, and as a reference for any subsequent SAP review. It does not constitute legal advice; customers remain responsible for their own SAP contractual compliance.
ZMCP is a customer-installed ABAP add-on that exposes a Model Context Protocol (MCP) interface inside a customer's SAP system. It enables an AI client of the customer's choice (e.g. Claude, Codex, Gemini, or a Chat UI bundled with ZMCP) to invoke a defined set of ABAP-side tools for development, Basis administration, and operations support.
ZMCP does not call SAP-hosted APIs from outside the customer's system. It does not move data out of the customer's tenant. It does not interact with SAP's cloud services on the customer's behalf.
ZMCP is supported only in the following deployment configurations:
ZMCP is not offered for, and must not be deployed on:
This scope aligns with §1.2 of v.4.2026a, which permits "custom-developed ABAP interfaces in private cloud and on-premise deployments."
ZMCP is implemented entirely as customer-installed ABAP objects (classes, function modules, ICF service /sap/bc/zmcp_jit) in the customer's package hierarchy. There is no SAP-hosted runtime component, no telemetry to ZMCP vendor systems, and no shared multi-tenant infrastructure.
The MCP client (AI assistant) connects directly to the customer's SAP system over HTTPS. Authentication uses standard SAP mechanisms (Basic Auth, X.509 client certificates, or OAuth/OIDC where configured). Customer authorization objects (AUTHORITY-CHECK) gate every tool invocation. Sensitive field masking is applied per-tenant via ZCL_MCP_MASKER.
ZMCP includes an audit log of every tool invocation, including caller identity, target object, and timestamp, retained in the customer's own system.
A subset of ZMCP tools wraps Published APIs (notably ADT, SAP Control via the documented SOAP interface, and standard BAPIs invoked through RFC). For these tools, ZMCP operates within the Documented Use of those APIs (developer tooling, Basis administration, business object access).
The remaining ZMCP tools wrap function modules, reports, and DDIC tables that are not individually catalogued on the SAP API Hub. These are accessed exclusively by customer-installed ABAP code (ZMCP) running in the customer's own SAP system. §1.2 of v.4.2026a explicitly states that "customers may use custom-developed ABAP interfaces in private cloud and on-premise deployments." ZMCP's deployment scope (section 3 above) is restricted to that envelope.
(a) Competitive analysis: ZMCP does not extract data for, transmit data to, or otherwise enable competitive analysis of SAP solutions.
(b) Documented Use: each ZMCP tool is documented with a specific operational scenario (e.g., "retrieve security note metadata for vulnerability triage", "list system parameters for Basis review"). Tools that wrap Published APIs operate within those APIs' Documented Use; tools that wrap non-published interfaces operate within the customer-developed-ABAP carve-out.
(c) System risk: ZMCP enforces per-tool rate limiting, AUTHORITY-CHECK on every invocation, and read-only defaults. Write-capable tools require explicit configuration. The dispatcher logs and bounds long-running RFC calls. Bulk operations are not supported.
(a) AI orchestration: ZMCP exposes a bounded set of named tools to the AI client. The AI client interacts with the customer's own custom-developed ABAP interface (per §1.2 carve-out), not directly with SAP-hosted APIs. The customer controls which AI clients are authorized, which tools are enabled, and which authorization profiles each tool runs under. Read-only defaults apply. The customer's audit log captures every invocation.
ZMCP supports, but does not require, integration with SAP-endorsed architectures (e.g., as a Joule extension in customer landscapes that have Joule licensed). Where a customer's compliance posture requires it, ZMCP can be configured to operate exclusively as a Joule-fronted tool surface.
(b) Scraping / bulk extraction: ZMCP does not perform systematic data harvesting. There is no replication, no bulk export to external storage, and no cross-tenant data movement. Per-call result sizes are bounded by the dispatcher.
ZMCP does not bypass, disable, or circumvent any documented SAP API Control. Specifically, it does not bypass rate limits, override deprecation schedules, exceed ingress/egress quotas, or use impersonation. ZMCP runs under the customer's own technical user (or under principal-propagated user identity, where configured) and is fully visible to standard SAP monitoring (STAD, SM50, and the Security Audit Log (SAL)).
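The gating described above (AUTHORITY-CHECK on every invocation, read-only defaults with explicit enablement of write-capable tools, and a per-invocation audit record kept in the customer's system), sketched as an added ABAP example that is not ZMCP's own code. The authorization object ZMCP_TOOL with field ZMCPTOOL, and the tables ZMCP_TOOLCFG and ZMCP_AUDIT, are hypothetical names chosen for the illustration.

```abap
" Hypothetical names: ZMCP_TOOL/ZMCPTOOL, ZMCP_TOOLCFG and ZMCP_AUDIT are illustration only.
CLASS zcl_mcp_guard DEFINITION FINAL.
  PUBLIC SECTION.
    TYPES ty_tool TYPE c LENGTH 40.
    METHODS check_and_log
      IMPORTING iv_tool           TYPE ty_tool    " MCP tool name
                iv_target         TYPE string     " object the call touches
                iv_is_write       TYPE abap_bool  " tool can change system state
      RETURNING VALUE(rv_allowed) TYPE abap_bool.
  PRIVATE SECTION.
    METHODS write_audit
      IMPORTING iv_tool TYPE ty_tool iv_target TYPE string iv_result TYPE string.
ENDCLASS.
CLASS zcl_mcp_guard IMPLEMENTATION.
  METHOD check_and_log.
    DATA lv_enabled TYPE abap_bool.
    DATA lv_actvt   TYPE c LENGTH 2 VALUE '03'.   " ACTVT 03 = display
    rv_allowed = abap_false.
    " Read-only default: a write-capable tool runs only if an administrator
    " has explicitly enabled it in the configuration table.
    IF iv_is_write = abap_true.
      lv_actvt = '02'.                             " ACTVT 02 = change
      SELECT SINGLE enabled FROM zmcp_toolcfg WHERE tool = @iv_tool
        INTO @lv_enabled.
      IF sy-subrc <> 0 OR lv_enabled <> abap_true.
        write_audit( iv_tool = iv_tool iv_target = iv_target
                     iv_result = 'DENIED_WRITE_NOT_ENABLED' ).
        RETURN.
      ENDIF.
    ENDIF.
    " Authorization check on the calling user (sy-uname) for this tool.
    AUTHORITY-CHECK OBJECT 'ZMCP_TOOL'
      ID 'ZMCPTOOL' FIELD iv_tool
      ID 'ACTVT'    FIELD lv_actvt.
    IF sy-subrc <> 0.
      write_audit( iv_tool = iv_tool iv_target = iv_target
                   iv_result = 'DENIED_AUTHORITY_CHECK' ).
      RETURN.
    ENDIF.
    " Both gates passed: record the invocation, then the dispatcher may run it.
    write_audit( iv_tool = iv_tool iv_target = iv_target iv_result = 'ALLOWED' ).
    rv_allowed = abap_true.
  ENDMETHOD.
  METHOD write_audit.
    " One row per invocation, retained in the customer's own system.
    GET TIME STAMP FIELD DATA(lv_ts).
    INSERT zmcp_audit FROM @( VALUE #( uname = sy-uname tool = iv_tool
      target = iv_target result = iv_result ts = lv_ts ) ).
  ENDMETHOD.
ENDCLASS.
```

Denials are logged as well as successes, so a reviewer can reconcile the audit table against STAD and the Security Audit Log without relying on the AI client's own records.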
ZMCP does not impair the customer's ability to meet data export, portability, switching, or legal record retention obligations.
Customers deploying ZMCP are responsible for:
ZMCP tracks revisions to the SAP API Policy. When a new revision is published, ZMCP vendor will:
Customers should monitor help.sap.com/sap-api-policy/latest for policy changes.
For questions on ZMCP's compliance posture: support@zmcp.app
This document does not constitute legal advice. Customers remain responsible for compliance with their own SAP contractual obligations and applicable law.