In days past, everybody in EM used to end up with Super Administrator privileges due to a lack of granularity in permissions. Not any more! Now we have more permissions than you know what to do with, but that’s another blog topic altogether!
Here’s a quick list of activities that one might still need Super Administrator for – note these are all considered EM administration activities and most are accessed through the Setup menu:
- Create Administrators – can get around this by using LDAP integration and auto-provisioning
- Access EM Audit
- Access Security Console
- License Management
- Connector Setup
- Data Exchange
- Add/Edit Registration Password
- Configure Notification Mail Server
- Configure Notification Mail Customization
- Configure SNMP
- Configure Global Repeat Notifications
- Setup Privilege Delegation Templates (sudo/pbrun)
- Decommission Agent (bug fix 19430853 will allow users with Full privileges to perform this again)
If your user is not responsible for users and security, and doesn’t get paged when EM stops working, then they have no business with Super Administrator privileges or SYSMAN.