diff --git a/luci-scheduler.cfg b/luci-scheduler.cfg
index e2f8b21f2..3622ebd1c 100644
--- a/luci-scheduler.cfg
+++ b/luci-scheduler.cfg
@@ -16,6 +16,28 @@ acl_sets {
   }
 }
 
+acl_sets {
+  # ACLs for jobs which represent builders which run tests and are triggered by
+  # other so called "parent" builders.
+  name: "triggered-by-parent-builders"
+  acls {
+    role: READER
+    granted_to: "group:all"
+  }
+  acls {
+    role: TRIGGERER
+    granted_to: "libyuv-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
+  }
+  acls {
+    role: TRIGGERER
+    granted_to: "libyuv-ci-gpu-builder@chops-service-accounts.iam.gserviceaccount.com"
+  }
+  acls {
+    role: OWNER
+    granted_to: "group:project-libyuv-admins"
+  }
+}
+
 trigger {
   id: "master-gitiles-trigger"
   acl_sets: "default"
@@ -90,7 +112,7 @@ job {
 
 job {
   id: "Android Tester ARM32 Debug (Nexus 5X)"
-  acl_sets: "default"
+  acl_sets: "triggered-by-parent-builders"
   buildbucket {
     server: "cr-buildbucket.appspot.com"
     bucket: "luci.libyuv.ci"
@@ -100,7 +122,7 @@ job {
 
 job {
   id: "Android Tester ARM32 Release (Nexus 5X)"
-  acl_sets: "default"
+  acl_sets: "triggered-by-parent-builders"
   buildbucket {
     server: "cr-buildbucket.appspot.com"
     bucket: "luci.libyuv.ci"
@@ -110,7 +132,7 @@ job {
 
 job {
   id: "Android Tester ARM64 Debug (Nexus 5X)"
-  acl_sets: "default"
+  acl_sets: "triggered-by-parent-builders"
   buildbucket {
     server: "cr-buildbucket.appspot.com"
     bucket: "luci.libyuv.ci"