The ability to create and manage scheduled reports is controlled by the Change Scheduled Reports permission, part of the Repository & View Permissions. Access control is therefore available per user and repository combination.

You can control which email domains can be used in scheduled reports by specifying the email allowlist in the Organization Security Policies. Additionally, PDF files can be password protected — users can set it up during the configuration of each report.

To enable permissions, you must either add the permission to an existing role, or create a role with suitable permissions and assign that to each repository and user combination that needs to create and manage Scheduled PDF reports.