Market Context

SAP Note 3255746

In October 2022, SAP quietly declared that third-party use of ODP RFC for data extraction was unsupported. In February 2024, they changed the language to unpermitted. In April 2026, they released an audit tool. In June 2026, they deploy a patch that technically blocks it.

This is the timeline of how SAP shut down the way most of the market extracts data — and what it means for every company running SAP.

The Escalation

Four years. Four escalations. One direction.

October 2022
Unsupported. SAP Note 3255746 first appears. Third-party use of ODP Data Replication APIs via RFC is described as unsupported. A soft warning. Most of the market doesn't notice.
February 2024
Unpermitted. The language changes. Third-party use of ODP RFC is now not permitted. SAP states these modules are for SAP-internal applications only, may be modified at any time without notice, and that SAP reserves the right to implement technical measures to restrict and audit unpermitted use. Problems caused by third-party use are at the customer's own risk. SAP will not resolve them.
July 2024
Datasphere positioned. Updated guidance explicitly recommends SAP Datasphere Replication Flow as the mandated solution for data replication scenarios. The strategic direction becomes clear: SAP is funneling extraction through their own paid service.
April 2026
Version 11. Audit tool released. SAP Note 3255746, Version 11 is published. SAP Note 3439624 provides an automated self-assessment tool for auditing existing ODP RFC usage across system landscapes. Organizations can now identify every non-compliant integration before enforcement begins.
June 2026
Technical blocking. SAP deploys a security patch that validates incoming ODP RFC calls against allowed subscriber types and actively blocks unauthorized calls. This is no longer a policy. Non-compliant extraction tools stop working.

What's Affected

The tools the market has been using for twenty years.

Any tool that built SAP CDC or extraction capabilities on the ODP RFC API is affected. This includes tools that enterprises have deployed in production, integrated into their data pipelines, and relied on for operational analytics.

Microsoft Azure Data Factory
SAP CDC connector uses ODP RFC. Microsoft's own engineering team publicly acknowledged the impact and stated the OData alternative is approximately 10x slower. No ETA for a performance-equivalent replacement. Promised public statement never delivered.
Qlik Replicate
ODP connector directly affected. Customers using Qlik for SAP CDC face the same OData performance penalty or migration to alternative methods.
SNP Glue / Kyano
Deprecated their ODP-based extraction in response. Migrating customers to alternative approaches.
Theobald Software
Issued detailed migration guidance. Built compliance detection tooling to identify affected extractions. Published technical walkthrough of Version 11 and the June 2026 blocking patch.
AWS AppFlow
Uses ODP via OData — less directly affected technically, but performance-limited by the OData path SAP is mandating for everyone.
Other ETL/CDC Tools
INIT Software, BryteFlow, and most third-party tools that built SAP extraction on ODP RFC face the same enforcement timeline. Multiple vendors have issued migration guidance or deprecated their connectors.

In Their Own Words

Microsoft's public response to their own customers.

On April 25, 2024, a Microsoft moderator on Microsoft Learn responded to customer concerns about the impact of Note 3255746 on Azure Data Factory's SAP CDC connector.

"Yes, RFC provides the great performance, while OData is slower. Currently, there is no ETA for the OData implementation. The reason behind this implementation choice is because OData is 10x slower."

Bhargava-MSFT, Microsoft Moderator — Microsoft Learn Q&A, April 25, 2024

In the same response, Microsoft promised a public statement "in the following weeks." Multiple enterprise customers followed up over the next six months — named individuals from named companies, requesting the promised statement. As of the most recent follow-up in October 2024, the statement was never delivered. No ETA for an OData-based replacement was ever provided. The SAP Tables connector impact was asked about twice and never answered.

As of the last visible activity on the thread, no public statement had been delivered and no ETA for a replacement had been provided. We haven't found a response from Microsoft since.

The Alternative SAP Offers

Datasphere Replication Flow.

SAP's recommended path forward is SAP Datasphere Replication Flow — SAP's own paid data replication service. The progression is deliberate: restrict the tools customers were using, then position SAP's own service as the mandated alternative.

Datasphere adds licensing cost on top of the SAP license customers already pay. It imposes data egress costs and concurrent replication thread caps that create adoption barriers for high-volume customers. It is positioned for specific deployment models, not the full installed base.

For the ECC majority — approximately 300,000 of SAP's 425,000 customers who haven't migrated to S/4HANA — the path forward is unclear. BDC partnerships with Snowflake, Databricks, Google, and Microsoft cover specific S/4HANA deployment models. ECC customers are not served by any of these partnerships.

The result: enterprise customers running production-scale SAP data extraction have a shrinking set of options. The tools they were using are being blocked. The recommended alternative is slower and more expensive. The ECC majority has no clear path at all.

The ECC Reality

300,000 companies just lost their extraction path. SAP's alternative costs more and does less.

Approximately 300,000 of SAP's 425,000 customers are still running ECC. They haven't migrated to S/4HANA. Most won't for years. Their operational data — the financial history, supply chain records, procurement decisions, and manufacturing runs that constitute the actual activity of their business — lives in ECC systems today.

These are the customers who were using the third-party extraction tools that Note 3255746 just blocked. Azure Data Factory, Qlik Replicate, SNP Glue — tools their IT teams selected, budgeted for, deployed in production, and built data pipelines around. Those tools are now non-compliant, and the blocking patch deploying in June 2026 will technically break them.

SAP's recommended alternative is Datasphere Replication Flow. While Datasphere technically lists ECC as a supported source, the practical reality for an ECC customer is:

New licensing cost. Datasphere is a separate SAP cloud service with its own pricing. ECC customers who were extracting data through tools they had already licensed and deployed now need to adopt and pay for an additional SAP service they hadn't planned for or budgeted.
Performance limitations. Data egress costs and concurrent replication thread caps create barriers for high-volume extraction. An ECC customer with billions of rows in BSEG faces practical constraints that didn't exist with the tools they were using.
BDC partnerships don't help. The data partnerships SAP has signed with Snowflake, Databricks, Google, and Microsoft are built around S/4HANA and BDC. ECC customers are not served by any of these partnerships.
Migration timelines are measured in years. Moving from ECC to S/4HANA to access better extraction options isn't a solution to the problem Note 3255746 created. It's a multi-year, multi-million-dollar program that most ECC customers haven't started.

The practical situation for an ECC customer: the tools they were using are being blocked. The replacement SAP offers costs more, performs differently, and requires adopting a new cloud service. The BDC partnerships don't reach them. And migration to S/4HANA — the path that would open up more options — is years away. These companies need their data now. They have always needed their data. The tools they had found to access it are being taken away.

The Audit Risk

SAP can audit. SAP can block. Both are now operational.

SAP Note 3439624 provides an automated self-assessment tool that identifies all ODP RFC usage across a system landscape. Organizations can run it themselves — and SAP reserves the right to run it for them.

The June 2026 security patch validates incoming ODP RFC calls against allowed subscriber types and blocks unauthorized calls. This is not a contractual restriction. It is a technical enforcement mechanism that will cause non-compliant integrations to fail.

Organizations that have been told by their ETL vendors that their SAP extraction is compliant should verify that claim against the specific scope of Note 3255746. The audit tool exists. The blocking patch is deploying. The enforcement is no longer theoretical.

What's Not Affected

Note 3255746 restricts ODP RFC. Not RFC generally. Not ABAP.

The restriction is specific. ODP Data Replication API via RFC is what's prohibited. RFC as a general protocol remains fully supported. Table extractions via standard ABAP, BAPIs, function modules, and other RFC-based components are unaffected.

SAP drew this boundary explicitly in Version 11. Their own documentation defines the safe-harbor line: ODP-RFC is restricted. Everything else in the standard ABAP framework is not. SAP's recommended migration paths and their favored partners' sanctioned alternatives all depend on the same primitives that sit inside that safe harbor. Moving the boundary would break their own ecosystem.

Note 3255746 was enforceable because ODP-RFC is a discrete, nameable surface — a specific set of function modules that SAP owns, ships, and can therefore fence. That's why the June 2026 blocking patch is technically possible: there's a defined call to validate against a subscriber type and reject. A program that uses cursor-based SELECT through the standard ABAP database interface and reads CDHDR/CDPOS gives SAP nothing to fence. There is no proprietary entry point to revoke, no API to deprecate, no call to validate. You cannot patch SELECT. It's the language, not an interface.

A common assumption is that SAP extraction tools use RFC_READ_TABLE. SAP themselves flagged RFC_READ_TABLE as not for productive use in SAP Note 382318 — it's dialog-bound, width-limited, and slow. DataXover doesn't use it. It uses native cursor-based reads in background work processes. The same architectural decision that makes it fast is the one that keeps it entirely off any restricted or discouraged API surface.

DataXover
Native ABAP running inside the SAP application server. Cursor-based SELECT in background work processes — not RFC_READ_TABLE, not ODP, not any restricted interface. Change-document CDC via CDHDR/CDPOS. Installs in its own /SDN/ namespace without modifying SAP standard objects. There is no SAP-owned API surface to restrict, no proprietary entry point to revoke, and no call to validate against. DataXover uses the platform the way the platform is built to be used.
Standard ABAP Development
Custom ABAP programs, reports, and background jobs that read SAP tables through the standard database interface remain fully supported and unaffected by Note 3255746. SAP's own application code depends on the same mechanisms.

What This Means

The SAP data extraction market is being restructured.

Companies running SAP own their data. How they access, extract, and use that data has always been their decision. Note 3255746 narrows the tools available to make that decision — not because the tools were technically harmful, but because SAP has chosen to restrict the interfaces those tools depended on.

The market response is already visible. Vendors are deprecating connectors. Customers are re-evaluating pipelines. The audit tool is live. The blocking patch is deploying. The tools that served the market for twenty years are being systematically removed from the landscape.

What remains are two paths: SAP's own paid service with its performance and cost limitations, or native ABAP extraction that operates within SAP's supported framework and doesn't depend on the interfaces being restricted.

The data was always there. The question has always been how to get to it. That question just got more urgent for 425,000 companies.

Sources

Everything on this page is publicly documented.

  • SAP Note 3255746, Version 11 (April 21, 2026) — SAP Support Portal (requires SAP credentials): me.sap.com/notes/3255746
  • SAP Note 3439624 — Automated self-assessment/audit tool for ODP RFC usage: SAP Support Portal
  • Theobald Software — Technical walkthrough of Version 11 and June 2026 blocking patch: theobald-software.com
  • Databricks Community — Analysis of unsupported → unpermitted → Datasphere progression: community.databricks.com
  • Simplement — Audit risk and technical inoperability analysis: simplement.us
  • Microsoft Learn Q&A — Customer thread documenting 10x slower OData admission and unfulfilled public statement promise: learn.microsoft.com
  • BryteFlow — Vendor response and migration guidance: bryteflow.com

DataXover operates outside the scope of Note 3255746.

Native ABAP. Inside SAP. Standard framework. No ODP dependency. No restricted interfaces. No audit risk.

See How It Works