What you need to look at is the Private Roles. These allow grants to jobs,
credentials, etc. It’s been a while, but I have an example in this deck
starting on slide 37
https://www.slideshare.net/CourtneyLlamas/oracle-enterprise-manager-security-a-practitioners-guide
<https://www.slideshare.net/CourtneyLlamas/oracle-enterprise-manager-security-a-practitioners-guide>
Not sure if its changed much, but the docs are included here
https://docs.oracle.com/en/enterprise-manager/cloud-control/enterprise-manager-cloud-control/13.3.1/emsec/emsec-13.3-sp-oracle-enterprise-manager-cloud-control-security-guide.pdf
<https://docs.oracle.com/en/enterprise-manager/cloud-control/enterprise-manager-cloud-control/13.3.1/emsec/emsec-13.3-sp-oracle-enterprise-manager-cloud-control-security-guide.pdf>
On Jul 19, 2019, at 2:06 PM, Dave Herring <gdherri@xxxxxxxxx> wrote:
The issue is with permissions/access to the OEM Job scheduling system, not
database / DBMS_SCHEDULER.
I believe I found a potential solution - create a role under Setup ->
Security -> Role, then on each Job update to allow access by this role, then
lastly grant this role to each Administrator as I create them (well, do for
one and everyone else is a "Create like").
If there's a better way (other than retro-fitting the existing environments
to NOT create and schedule all OEM jobs as SYSMAN) by all means share. Thx.
Dave
On 7/19/2019 1:23:13 PM, Mladen Gogala <gogala.mladen@xxxxxxxxx> wrote:
Version 12.1.0.4? I seem to be a bit behind the latest development. What’s
going to happen next? Someone will invent a telephone with a camera which
can connect to Internet?
However, try granting your admins SCHEDULER_ADMIN role and CREATE JOB and
MANAGE SCHEDULER privileges. That should allow the newly minted admins to
perform administrative functions on DBMS_SCHEDULER.
Regards
On 7/19/19 1:57 PM, Dave Herring wrote:
I've got a bit of a newb question related to view-access of other admin's
jobs in OEM. The environment is 12.1.0.4 where all target jobs are created
under SYSMAN account. I'd like to grant a new slew of admins the ability
to view these jobs, both the definition in the Job Library along with
scheduled and execution history. I don't see anything that explicitly
grants this during Administrator creation so perhaps I'm missing something.
Is it possible to do this?
Thx.
Dave