Running Jenkins 1.570, Active Directory Plugin 1.38, Matrix Authorization Strategy 1.2, Naginator 1.11 We have an authorization policy on some builds where only certain individuals are supposed to be able to initiate the builds. When a build fails, Naginator makes available a "Retry" link. The expected behavior since the user cannot start a build from scratch is that they shouldn't be able to run a retry. However our users who have read-only authorization were able to initiate a retry. This doesn't match with the defined authorization levels.