Access control with IAM

This page describes the access control options that are available to you in Cloud Scheduler.

Overview

Cloud Scheduler uses Identity and Access Management (IAM) for access control.

For an introduction to IAM and its features, see the IAM overview. To learn how to grant and revoke access, see Manage access to projects, folders, and organizations.

For lists of the permissions and roles that Cloud Scheduler supports, see the following sections.

Enable the Cloud Scheduler API

To view and assign IAM roles for Cloud Scheduler, you must enable the Cloud Scheduler API for your project. You won't be able to see the Cloud Scheduler roles in the Google Cloud console until you enable the API.


Predefined roles

The following table lists the Cloud Scheduler predefined IAM roles with a corresponding list of all the permissions each role includes.

The predefined roles address most typical use cases. If your use case isn't covered by the predefined roles, you can create an IAM custom role.

Cloud Scheduler roles

Role Permissions

(roles/cloudscheduler.admin)

Full access to jobs and executions.

Note that a Cloud Scheduler Admin (or any principal with a custom role that includes the permission cloudscheduler.jobs.create) can create jobs that publish to any Pub/Sub topic within the project.

appengine.applications.get

cloudscheduler.*

  • cloudscheduler.jobs.create
  • cloudscheduler.jobs.delete
  • cloudscheduler.jobs.enable
  • cloudscheduler.jobs.fullView
  • cloudscheduler.jobs.get
  • cloudscheduler.jobs.list
  • cloudscheduler.jobs.pause
  • cloudscheduler.jobs.run
  • cloudscheduler.jobs.update
  • cloudscheduler.locations.get
  • cloudscheduler.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

(roles/cloudscheduler.jobRunner)

Access to run jobs.

appengine.applications.get

cloudscheduler.jobs.fullView

cloudscheduler.jobs.run

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

(roles/cloudscheduler.viewer)

Get and list access to jobs, executions, and locations.

appengine.applications.get

cloudscheduler.jobs.fullView

cloudscheduler.jobs.get

cloudscheduler.jobs.list

cloudscheduler.locations.*

  • cloudscheduler.locations.get
  • cloudscheduler.locations.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.get

serviceusage.services.list

Project-level IAM management

At the project level, you can grant, change, and revoke IAM roles using the Google Cloud console, the IAM API, or the Google Cloud CLI. For instructions, see Manage access to projects, folders, and organizations.
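
The note on the Cloud Scheduler Admin role means that every principal holding cloudscheduler.jobs.create can publish to any Pub/Sub topic in the project. The following added example (not part of the Cloud Scheduler documentation) lists those principals from a project IAM policy and custom role definitions in the JSON shape returned by gcloud projects get-iam-policy and gcloud iam roles describe. The project, principals, and the schedOps custom role are constructed sample data, and roles not listed in the table on this page are reported as unresolved rather than guessed.

```python
import json

TARGET = "cloudscheduler.jobs.create"
# cloudscheduler.* permissions of the predefined roles, copied from the table above.
PREDEFINED = {
    "roles/cloudscheduler.admin": {f"cloudscheduler.{p}" for p in (
        "jobs.create", "jobs.delete", "jobs.enable", "jobs.fullView", "jobs.get",
        "jobs.list", "jobs.pause", "jobs.run", "jobs.update",
        "locations.get", "locations.list")},
    "roles/cloudscheduler.jobRunner": {"cloudscheduler.jobs.fullView",
                                       "cloudscheduler.jobs.run"},
    "roles/cloudscheduler.viewer": {f"cloudscheduler.{p}" for p in (
        "jobs.fullView", "jobs.get", "jobs.list", "locations.get", "locations.list")},
}

def role_permissions(role, custom_roles):
    """Permission set for a role, or None if neither the table nor custom_roles defines it."""
    if role in PREDEFINED:
        return PREDEFINED[role]
    for cr in custom_roles:
        if cr["name"] == role:
            return set(cr.get("includedPermissions", []))
    return None

def job_creators(policy, custom_roles, permission=TARGET):
    """Return ({member: [roles granting permission]}, [roles that could not be resolved])."""
    holders, unresolved = {}, set()
    for binding in policy.get("bindings", []):
        perms = role_permissions(binding["role"], custom_roles)
        if perms is None:
            unresolved.add(binding["role"])  # e.g. basic roles: expand them separately
        elif permission in perms:
            # Conditional bindings are reported too; review their condition by hand.
            for member in binding.get("members", []):
                holders.setdefault(member, []).append(binding["role"])
    return holders, sorted(unresolved)

# Constructed sample data (hypothetical project, principals and custom role).
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/cloudscheduler.admin", "members": ["user:alice@example.com"]},
  {"role": "roles/cloudscheduler.jobRunner", "members": ["user:dave@example.com"]},
  {"role": "roles/cloudscheduler.viewer", "members": ["group:ops@example.com"]},
  {"role": "projects/example-project/roles/schedOps",
   "members": ["user:bob@example.com", "user:alice@example.com"]},
  {"role": "roles/editor", "members": ["user:carol@example.com"]}
]}""")
SAMPLE_CUSTOM_ROLES = [{"name": "projects/example-project/roles/schedOps",
                        "includedPermissions": [TARGET, "cloudscheduler.jobs.get"]}]

if __name__ == "__main__":
    print(job_creators(SAMPLE_POLICY, SAMPLE_CUSTOM_ROLES))
```

Any role returned in the unresolved list has to be expanded from its own definition before the result can be treated as complete.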