The JobScheduler knows different permissions for xml commands. These permisisons can be configured differently for each IP address in the security element of the ./config/scheduler.xml file:
<security ignore_unknown_hosts="yes">
<allowed_host host="localhost" level="all"/>
<allowed_host host="[scheduler_host]" level="all"/>
<allowed_host host="123.123.123.123" level="info"/>
</security>
where [scheduler_host] is the hostname or IP of that machine where the JobScheduler is installed.
If you call JOC from [scheduler_host] with http://[scheduler_host]:4444 then you have full access.
If you call JOC from 123.123.123.123 with http://[scheduler_host]:4444 then your permissions are restricted.
But these are only IP level rights.
Currently the JobScheduler doesn't know user level permissions.
If you want user level permissions, then you can configure How to operate JOC with an Apache Proxy.
If you use two user groups (admin, operator) which have different permission sets then see the article How to configure JOC for HTTP authentication for the configuration for different machines.
Furthermore configure the ./config/scheduler.xml file like this:
<security ignore_unknown_hosts="yes">
<allowed_host host="localhost" level="all"/>
<allowed_host host="[scheduler_host]" level="all"/>
<allowed_host host="[hostname of apache for admin]" level="all"/>
<allowed_host host="[hostname of apache for operator]" level="info"/>
</security>