Schedule a Cloud DLP inspection scan

Learn how to create a new job trigger using Cloud Data Loss Prevention in the Google Cloud console.

Job triggers are events that automate running Cloud DLP jobs to scan Google Cloud storage repositories (Cloud Storage, BigQuery, and Datastore).


For step-by-step guidance on this task directly in console, click Guide me:

Guide me


The following sections take you through the same steps as clicking Guide me.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  5. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  6. Enable the Cloud Data Loss Prevention API.

    Enable the API

Create a job trigger

In the following sections, you configure and create a job trigger for a BigQuery public dataset that contains the street addresses of bike share stations in a city.

When this job trigger runs, Cloud DLP scans around 700 bytes of data. You can inspect up to 1 GB of storage data per month free of charge. For more information about pricing, see Storage inspection job pricing.

Choose input data

  1. In the console, open the Data Loss Prevention page.

    Go to Data Loss Prevention

  2. Click the Inspection tab.

  3. Click Create job and job triggers.

    The Create job and job triggers button.

  4. To configure input data, do the following:

    1. In the Name section, define the following options:

      • For Job ID, enter quickstart-job-trigger.

      • Keep Resource location set to Global (any region).

    2. In the Storage type list, select BigQuery, and then define the following options:

      • For Project ID, enter bigquery-public-data.

      • For Dataset ID, enter austin_bikeshare.

      • For Table ID, enter bikeshare_stations.

    3. In the Maximum number of rows field, enter 10.

  5. Click Continue.

Configure detection parameters

  1. To configure detection, do the following:

    1. In the InfoTypes section, click Manage infoTypes.

    2. In the InfoTypes pane, select STREET_ADDRESS.

    3. To close the infoTypes pane, click Done.

    4. In the Confidence threshold section, select Possible from the Likelihood list.

      The value Possible is sufficient for most purposes. If you routinely get matches that are too broad when you use this job trigger, select a higher confidence threshold value. If you get too few matches, select a lower confidence threshold value.

  2. Click Continue.

Add post-scan actions

  1. Click the Notify by email toggle.

  2. Click Continue.

Set a schedule

  1. In the Time span or schedule list, select Create a trigger to run the job on a periodic schedule.

  2. In the Trigger scan repeats list, select Weekly.

  3. Click Continue.

Review and create the job trigger

After you review the JSON-formatted summary of the job settings you just specified, do the following:

  1. Click Create.

  2. In the Confirm job or job trigger create dialog, click Confirm create.

    Allow a minute for Cloud DLP to create the job trigger.

Run the job trigger and view results

To trigger a job immediately, do the following:

  1. On the Trigger details page, click Run now.

    This operation might take some time to complete.

  2. After the job that you created runs once, do the following:

    1. In the Triggered jobs section, select the job ID of the triggered job in the Job ID column.

    2. On the Job details page, view the job results.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Delete the job trigger

If you created the job trigger in an existing project and you no longer need the job trigger, follow these steps:

  1. In the console, go to the Data Loss Prevention page.

    Go to Data Loss Prevention

  2. If necessary, select the project in which you created a job trigger from the console toolbar.

  3. Click the Inspection tab, and then click the Job triggers tab. The console displays a list of all the job triggers for the current project.

  4. In the Actions column for the job trigger you want to delete, click the trigger actions menu , click Delete, and then click Confirm.

    The Delete option in the trigger actions menu.

What's next