GRC 10 - Business role, no role owner but associated role have owner....

Dear All,
In GRC 5.3 we perform the following mapping:
Business Role A mapped with (no owner)
- Technical Role 1 (from ECC with Owner1)
- Technical Role 2 (from CRM with Owner2)
- Technical Role 3 (from HR with Ownwer3)
IN GRC 5.3 we have a business role mapped with multiple child role(techinical role) from other system.
GRC 5.3 request is able to close and provisioned as it can see owners from child role.
Now in GRC 10, we did the same. Create a business role, then mapped the child role (technical role). Unfortunately, when manager approves the workflow reroute to "NO OWNER DETOUR PATH" because it cannot see the technical role owner.
Seems like GRC 10 is only looking at business role owner. We are unable to add Owner1, Owner2, Owner3 to the business role because when one of the owner approves, it will provision all the technical roles. We might have owners who will reject their role.
Please advice.
Jacky

Hi Mustafa,
you can use end user personalization to avoid a role owner to approve roles for himself. Define a dedicated EUP for role owner stage and restrict via "Approve/Reject Own Requests" like shown below:
Does this answer your question?
Regards,
Alessandro

Similar Messages

OBIEE 11g - Not able to see existing reports which are created by specific owner but I could able to see Admin role user reports.

OBIEE 11g - Not able to see existing reports which are created by specific owner but I could able to see Admin role user reports.
Appreciated if you could able to help as soon as possible as I don' have back up for these disappeared reports.
Pleas let me know if any additional information needed.

Hi
Thank you for the reply.
Here one thing I would need to mention that those are created by me on last week, but when I check those today, I could not able to see or even admin also not able to see those. For sure no migration and updations happend over the week end, really not able to debug whats the issue around. Unfortunately I haven't taken back up as well.
Please could you help and let me know whats the root cause and how I could able to restore.
Best regards,
Kumar

Which table stores relationship of business roles and its associated roles.

Hi,
I want to know the table that stores the relationship between a Business role and its associated roles.
Please note that i am aware of the table GRACBUSROLESNAP that stores the business role relationship corresponding to a request id and this is not what i am looking for.
I want to know the table which stores the definition for business role.
Thanks & Regards,
Khush Bafna.

Hi Khush,
I think table GRACROLERELAT is used to store business role definition.
Best Regards,
Aman

No business partner found for ERP partner "Vendor" (role:LF)

Dear Experts,
When we create Inbound Delivery in ERP, it is getting distributed.
But the IBD is not created in EWM.
We checked in SLG1 and the deliveries were failed in the queue.
The error message says "No business partner found for ERP partner EWM_TEST (role:LF)".
We have maintained Business partner and IT type = CRM004 in Identification Tab.
Still, no idea how we can solve this issue.
Please suggest with your valuable inputs.
Thanks,
Shetty

Hi Ulf ,
Yes i have CIF ed vendor and seems ok now , but while task creation am getting error Please refer below screen shots and kindly guide me on error message .

Business partner "ID" does not exist in role Sold-To Party

Hello everybody!
We have already set up a Group in CRM, but when we use the "Relationships" Assignment Block
and click to "New" button and add a Relationship and a Partner we get the error "Business partner "ID" does not exist in role Sold-To Party"
Where can we fix this?
Any ideas are appreciated, thank you!

Thank you Nicolas,
I had to remove a mandatory Role Category for partner 2, as attached in this reply,
and now we can continue our work.
Thank you very much!

Database Vault Owner Grant Any Role Permission

So I just noticed that the role DV_OWNER has the system privilege to GRANT ANY ROLE assigned to it by default. I was wondering if this is necessary for something. If not I would like to remove it. We would prefer the Database Vault owner person to not have any permissions execept for logging into the Data Vault console to modify realms and rules and stuff, and as well as looking at audit logs. The DV_OWNER role also has ADMINISTER DATABASE TRIGGER and ALTER ANY TRIGGER privileges which I would like to remove as well. Any body have any opinions on this?
Oracle EE 11.2.0.2 on Windows 2008 R2
Thanks.

Sysdba can issue powerful statements such as create user, drop user, alter user, create profile .. and so on... can be done only if it is allowed so by modifying the Can maintain accounts/profiles rule set.
You can also login with dvsys account but that account is locked after installation. So unlock it with
alter user username account unlock; command. And be aware that ANY system privileges are blocked in protected schemas. You can try to grant the following roles in DB Vault := DV_OWNER, DV_REALM_OWNER, DV_REALM_RESOURCE, DV_ADMIN, DV_PUBLIC, DV_ACCTMGR, DV_SECANALYST
Following can help you
SELECT TABLE_NAME, OWNER, PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE = 'DV_ACCTMGR';
SELECT PRIVILEGE FROM DBA_SYS_PRIVS WHERE GRANTEE = 'DV_ACCTMGR';
Regards
Karan

Direct grants working, but not roles

Newbie question on roles.
I'm trying to give access to tables in one schema, zowner, to another (empty) schema, zuser, which represents an application user.
If I grant zuser a privilege directly, it works. For example:
SQL> grant insert on zowner.items to zuser; -- as DBA
Grant succeeded.
SQL> select count(*) from zowner.items; -- as zuser
COUNT(*)
3
But if I create a role instead, and grant it a privilege, and then grant zuser that role, then it doesn't work:
SQL> create role zowner_delete; -- as DBA
Role created.
SQL> grant delete on zowner.items to zowner_delete; -- as DBA
Grant succeeded.
SQL> grant zowner_delete to zuser; -- as DBA
Grant succeeded.
SQL> delete from zowner.items where num=3; -- as zuser
delete from zowner.items where num=3
ERROR at line 1:
ORA-01031: insufficient privileges
What am I missing??? Thanks, --DD

No, I don't think I was, yet I'm still seeing some weird stuff going on:
I did get further by granting 'create role' to zowner, and creating the roles using zowner, as it seems that a role created by system is less accessible that one creating by an ad-hoc (non-privileged) user.
But if you look at the SQL*Plus session below, you'll notice that despite granting the delete privileges (on table zowner.items) to zuser, the first delete attempts fails, while the second succeeds! The first one is made withing the test-roles script, while the second is later on, by hand in SQL*Plus, after listing the privileges of the roles.
So there's still something funny going on here, which I don't understand... And as you can also see, I'm alternating connections between zowner and zuser, so I am reconnecting everytime this time.
If anyone can shed more light on this, that be great. Thanks, --DD
Oracle Database 11g Enterprise Edition Release 11.1.0.4.0 - Beta
With the Partitioning, OLAP and Data Mining options
SQL>
SQL>
SQL>
SQL>
SQL>
SQL> @test-roles
SQL> SET SERVEROUTPUT ON
SQL> -- (zdb value changed)
SQL> DEFINE zdb = '@//host:port/sid'
SQL>
SQL> ---- As system ---------------------------------------------
SQL> DROP USER zowner CASCADE;
User dropped.
SQL> CREATE USER zowner IDENTIFIED BY zowner;
User created.
SQL> GRANT CONNECT, RESOURCE, CREATE ROLE, CREATE TABLE TO zowner;
Grant succeeded.
SQL>
SQL> -- Create empty user.
SQL> DROP USER zuser CASCADE;
User dropped.
SQL> CREATE USER zuser IDENTIFIED BY zuser;
User created.
SQL> GRANT CONNECT, RESOURCE TO zuser;
Grant succeeded.
SQL>
SQL> DROP ROLE zowner_insert;
Role dropped.
SQL> DROP ROLE zowner_delete;
Role dropped.
SQL> commit;
Commit complete.
SQL>
SQL> -- As zowner -----------------------------------------------
SQL> CONNECT zowner/zowner&zdb;
Connected.
SQL> create table items (num INTEGER, txt VARCHAR2(32));
Table created.
SQL> insert into items (num,txt) values (1, 'one');
1 row created.
SQL> insert into items (num,txt) values (2, 'two');
1 row created.
SQL> commit;
Commit complete.
SQL> PROMPT Listing items from zowner
Listing items from zowner
SQL> select * from items;
NUM TXT
1 one
2 two
SQL>
SQL> -- As zuser (no grant: select FAILS) -----------------------
SQL> CONNECT zuser/zuser&zdb;
Connected.
SQL> select * from zowner.items;
select * from zowner.items
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>
SQL> -- As zowner -----------------------------------------------
SQL> CONNECT zowner/zowner&zdb;
Connected.
SQL> GRANT select on items to zuser;
Grant succeeded.
SQL>
SQL> -- As zuser (direct grant: select OK) ----------------------
SQL> CONNECT zuser/zuser&zdb;
Connected.
SQL> select * from zowner.items;
NUM TXT
1 one
2 two
SQL>
SQL> -- As zowner -----------------------------------------------
SQL> CONNECT zowner/zowner&zdb;
Connected.
SQL> CREATE ROLE zowner_insert;
Role created.
SQL> GRANT insert on items to zowner_insert;
Grant succeeded.
SQL> GRANT zowner_insert to zuser;
Grant succeeded.
SQL>
SQL> -- As zuser (indirect grant: insert OK) --------------------
SQL> CONNECT zuser/zuser&zdb;
Connected.
SQL> insert into zowner.items (num,txt) values (3, 'three');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from zowner.items;
NUM TXT
3 three
1 one
2 two
SQL>
SQL> set linesize 90
SQL> column ROLE format a20
SQL> column OWNER format a10
SQL> column TABLE_NAME format a20
SQL> column COLUMN_NAME format a10
SQL> column PRIVILEGE format a20
SQL> select * from role_sys_privs;
ROLE PRIVILEGE ADM
RESOURCE CREATE SEQUENCE NO
RESOURCE CREATE TRIGGER NO
RESOURCE CREATE CLUSTER NO
RESOURCE CREATE PROCEDURE NO
RESOURCE CREATE TYPE NO
CONNECT CREATE SESSION NO
RESOURCE CREATE OPERATOR NO
RESOURCE CREATE TABLE NO
RESOURCE CREATE INDEXTYPE NO
9 rows selected.
SQL> select * from role_tab_privs;
ROLE OWNER TABLE_NAME COLUMN_NAM PRIVILEGE GRA
ZOWNER_INSERT ZOWNER ITEMS INSERT NO
SQL>
SQL> -- As zowner -----------------------------------------------
SQL> CONNECT zowner/zowner&zdb;
Connected.
SQL> CREATE ROLE zowner_delete;
Role created.
SQL> GRANT delete on items to zowner_delete;
Grant succeeded.
SQL> GRANT zowner_delete to zuser;
Grant succeeded.
SQL>
SQL> -- As zuser (indirect grant: delete ??) --------------------
SQL> CONNECT zuser/zuser&zdb;
Connected.
SQL> delete from owner.items where num=3;
delete from owner.items where num=3
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> commit;
Commit complete.
SQL> select * from zowner.items;
NUM TXT
3 three
1 one
2 two
SQL> -- END OF THE test-roles SCRIPT
SQL> select * from role_sys_privs;
ROLE PRIVILEGE ADM
RESOURCE CREATE SEQUENCE NO
RESOURCE CREATE TRIGGER NO
RESOURCE CREATE CLUSTER NO
RESOURCE CREATE PROCEDURE NO
RESOURCE CREATE TYPE NO
CONNECT CREATE SESSION NO
RESOURCE CREATE OPERATOR NO
RESOURCE CREATE TABLE NO
RESOURCE CREATE INDEXTYPE NO
9 rows selected.
SQL> select * from role_tab_privs;
ROLE OWNER TABLE_NAME COLUMN_NAM PRIVILEGE GRA
ZOWNER_INSERT ZOWNER ITEMS INSERT NO
ZOWNER_DELETE ZOWNER ITEMS DELETE NO
SQL>
SQL>
SQL> desc zowner.items
Name Null? Type
NUM NUMBER(38)
TXT VARCHAR2(32)
SQL> insert into zowner.items (num,txt) values (4,'four');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from zowner.items;
NUM TXT
3 three
4 four
1 one
2 two
SQL> delete from zowner.items where num=4;
1 row deleted.
SQL>

Error - Business partner 30000011 does not exist in role TR0151

Hello,
I am receiving an error "Business partner 30000011 does not exist in role TR0151" while creating a Fixed Deposit Transaction through FTR_CREATE.
Whilst testing Fixed Deposit accounting in SAP Treasury, i was testing a scenario of a MINOR and his/her GUARDIAN. Both have been created as Business Partners. However, i have NOT created the Minor further as a Customer.
I now have a MINOR defined as a Business Partner, a GUARDIAN defined as a BUSINESS PARTNER and CUSTOMER both and a relationship established between the two through the RELATIONSHIPS tab.
After doing the above, i am trying to create a Fixed Deposit through FTR_CREATE where i am receiving the above mentioned error.
In Customizing, i have checked that the TR0151 is assigned to COUNTERPARTY role and TR0154 to the BENEFICIARY role
The GUARDIAN was created with BP role - Business Partner General and then changed to COUNTER PARTY. The MINOR has been created with BP Role - Business Partner General and then changed to BENEFICIARY.
My expectation was that since MINOR is not defined as Customer, the system would not allow me to create a FD for the Minor and display such a message which would ask me to create the FD using the GUARDIAN as the Business Partner.
Request your help on this.
Regards,
Murtuza.
+91 9923205169

Hi,
It is not necessary that a business partner has to be linked to a customer account. In certain cases, your house bank itself acts as a counterparty, in that case you can directly settle to your bank account instead of managing through a customer.
For your case, you need to maintain the role of counterparty for MINOR as well. Only if the business partner exists in that role can you create a transaction.
Regards,
Ravi

Associating roles with LDAP Groups

I see in a number of places where I can define roles using a "principal-name".
Can I use a realm group here as well as a single user? What I'm looking for is
a method where I can set up my roles in my web appps and ejbs and then on the
fly grant users rights by adding them to a group. Certainly seems possible but
I must be missing something.
Consider the following example (from the weblogic documentation) and let me know
if I can use realm groups for the section attributed to the weblogic.xml file.
(I marked it with ***).
<security-constraint> <web-resource-collection> <web-resource-name>SecureOrdersEast</web-resource-name>
<description> Security constraint for resources in the orders/east directory </description>
<url-pattern>/orders/east/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method>
</web-resource-collection> <auth-constraint> <description>constraint for east
coast sales</description> <role-name>east</role-name> <role-name>manager</role-name>
</auth-constraint> <user-data-constraint> <description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>
<security-role> <description>east coast sales</description> <role-name>east</role-name></security-role>
<security-role> <description>managers</description> <role-name>manager</role-name></security-role>
weblogic.xml entries *** Can these come from the realm????????***
<security-role-assignment> <role-name>east</role-name> <principal-name>tom</principal-name>
<principal-name>jane</principal-name> <principal-name>javier</principal-name>
<principal-name>maria</principal-name> </security-role-assignment> <security-role-assignment>
<role-name> manager </role-name> <principal-name>peter</principal-name> <principal-name>georgia</principal-name></security-role-assignment>

See my answer to your question:
Simple (dumb) role/group question
Yong
"Ilango Maragathavannan" <[email protected]> wrote:
>
I see in a number of places where I can define roles using a "principal-name".
Can I use a realm group here as well as a single user? What I'm looking
for is
a method where I can set up my roles in my web appps and ejbs and then
on the
fly grant users rights by adding them to a group. Certainly seems possible
but
I must be missing something.
Consider the following example (from the weblogic documentation) and
let me know
if I can use realm groups for the section attributed to the weblogic.xml
file.
(I marked it with ***).
<security-constraint> <web-resource-collection> <web-resource-name>SecureOrdersEast</web-resource-name>
<description> Security constraint for resources in the orders/east directory
</description>
<url-pattern>/orders/east/*</url-pattern> <http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection> <auth-constraint> <description>constraint
for east
coast sales</description> <role-name>east</role-name> <role-name>manager</role-name>
</auth-constraint> <user-data-constraint> <description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee> </user-data-constraint>
</security-constraint>
<security-role> <description>east coast sales</description> <role-name>east</role-name></security-role>
<security-role> <description>managers</description> <role-name>manager</role-name></security-role>
weblogic.xml entries *** Can these come from the realm????????***
<security-role-assignment> <role-name>east</role-name> <principal-name>tom</principal-name>
<principal-name>jane</principal-name> <principal-name>javier</principal-name>
<principal-name>maria</principal-name> </security-role-assignment> <security-role-assignment>
<role-name> manager </role-name> <principal-name>peter</principal-name>
<principal-name>georgia</principal-name></security-role-assignment>

Is OIA supports adding Multiple data owners for single role?

Hi
Can you please let me know, if we can assign multiple data owners under resources tab, data mangement tab.
Or with glossory upload using file based?
The intension to keep backup data owner for each role for certifications.
Thanks

No, OIA does not support multiple data owner. You also cannot target the backup data owner in certification.

Assignment pfcg-role to user and assignment pfcg-role to business role

Hello, Gurus!
What is the difference between direct assignment pfcg-role to user and assignment pfcg-role to business role? What is the effect from assignment pfcg-role to business role?
As I see authrizations from pfcg-role assigned to business role have no effect to user...
Best regards,
Artuк Litvinov.

Artur,
The business role assignment does not give a user that PFCG role. Instead it is just a mapping table and does nothing more.
Therefore that UIU_COMP auth object must exist in the PFCG roles assigned to the user in order for them to use the webclient. In your scenario let's do the following:
You have pfcg roles:
RA
RB
You a have business role
B1
You have users:
Joe
Jack
Business Role B1 is assigned to role RA which contains UIU_COMP.
User Joe gets business role B1 and roles RB which does not have UIU_COMP. This will not let him use the webclient.
User Jack gets business role B1 and pfcg role RA. This will work because everything is there.
This means you need both the correct PFCG plus business role setup to make it work properly.
Take care,
Stephen

Integration of multiple business role profiles in a single Z role profile

Hi experts,
I want to see all the work center available in service pro role and interaction center role profiles in a single Z business role prfole on the WEB UI.
Please advise me the possibilities of the integration of multiple business role profiles in a single Z role profile(Example like Administratoru2019s profile).
If it is possible what would be the approach please suggest me.
Thanks in advance
sameera

Copy one of this 2 roles which you want to use in Z role and then manualy assign additional workcenters and links to this Z role which you are still missing.
There is no standard predelivered admin role which would have all workcenters.

Roles with same ID, but different names..........

Hello evryone,
In portal(EP6 sp9),we are having the role ID as "com.sap.netweaver.coll.Collaboration".
But for the same role ID two name exists as
1)pcd:portal_content/specialist/Collaboration
2)pcd:portal_content/com.sap.pct/Collaboration
Can anybody tell me, what is the difference between these names?
Thanx in advance.
Amol.

Hi Amol,
Yes you are right that there are 2 roles for collaboration. But they are not the same.
1)pcd:portal_content/com.sap.pct/Collaboration
This role is assigned to the user so that they can use the services of the Room created. But still there are some features of collaboration which can't be accessed without having the "specialist" role.
The same case happened with me.
2)pcd:portal_content/specialist/Collaboration
Few services which I was mentioning like: sharing the System application with other users, Sharing the System Screen with other User, Giving control of a system to other User.. All these are defined in the "specialist" role.
Hope this solves your Problem.
With Regards
Pravesh Verma
PS: Please consider Awarding Points.

The security-role-assignment references an invalid security-role: Certifica

In Oracle Enterprise Pack for Eclipse, I failed to deploy an application in debug mode. The error I noticed in my domain log is:
weblogic.management.DeploymentException: [HTTP:101168]The security-role-assignment references an invalid security-role: Certificate.
 at weblogic.servlet.security.internal.WebAppSecurity.setRoleMapping(WebAppSecurity.java:180)
 at weblogic.servlet.security.internal.WebAppSecurity.registerSecurityRoles(WebAppSecurity.java:155)
 at weblogic.servlet.internal.WebAppServletContext.prepareFromDescriptors(WebAppServletContext.java:1181)
 at weblogic.servlet.internal.WebAppServletContext.prepare(WebAppServletContext.java:1120)
 at weblogic.servlet.internal.HttpServer.doPostContextInit(HttpServer.java:449)
 at weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:424)
 at weblogic.servlet.internal.WebAppModule.registerWebApp(WebAppModule.java:910)
 at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:364)
 at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:176)
 at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:93)
 at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:387)
 at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
 at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:58)
 at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:42)
 at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:615)
 at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
 at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
 at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:16)
 at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:155)
 at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
 at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:197)
 at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:89)
 at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
 at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:723)
 at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1190)
 at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:248)
 at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:159)
 at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:157)
 at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:12)
 at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:45)
 at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
What I do not understand is that this error remains even though I modified weblogic.xml to remove the following lines:
<wls:security-role-assignment>
<wls:role-name>Certificate</wls:role-name>
<wls:externally-defined/>
</wls:security-role-assignment>
I also deleted <MYDOMAIN_HOME>/servers/AdminServer/cache and <MYDOMAIN_HOME>/servers/AdminServer/tmp but this error still showed up when I attempted to deploy the application in Eclipse.
If I exported the EAR file and deployed it using Admin Console, the application was deployed successfully. But when I deleted it in Admin Console and attempted to deploy it in Eclipse again, the same error occurred and the deployment failed. What could be the reason for this behavior? Is there anything cached somewhere when deploying it in Eclipse? Thanks in advance for your help.

Hi,
I know that is an old thread, but just in case... Maybe you could try setting up the DEBUG_OPTIONS in your startManagedWeblogic script and configure a remote debug in Eclipse:
DEBUG_OPTIONS="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=8003,server=y,suspend=n"
Hope it helps,
Luis

Need to reset ipad but don't have original owners apple id just password

I manage a pawn shop and we reset apple ipad to factory settings now it say's owner has used find my phone to link their id. I do not have the owners apple id but I do have password and have no way to get ahold of owner what can I do

In future you must verify that 'Find My iPhone' is switched off, that is the key to all the security. If it is on you will not be able to get around it unless (a) you have the seller demonstrate that it is off by showing you that it has been disabled or (b) have the seller go to his account on the iCloud website, then go to Find My Phone (on the site) and remove the item from his account. In your case I would guess that the first method would be preferable.
The one you have can be sold for parts value, but that's about it, sorry to bear the news.
PS: You are not the first Pawn Shop operator to post here with this problem. I don't know your business but if there is some kind of trade publication this may be a good item for it (and it is already spreading to other manufacturers devices), Galaxy G5's have a similar system, the EU will require it by law. The clock is ticking

GRC 10 - Business role, no role owner but associated role have owner....

Similar Messages

Maybe you are looking for