In addition to the global security matrix, we should be able to control security
by users and jobs.

I see it as a job configuration option. By default, all users are allowed (with
rights defined in the matrix), and there is an option to activate per user control.

In my company, we need this because we use Maven with our forge, and we need
this fine grained security because we host a lot of different projects from
different customers on the same Hudson instance.