We use the "Restrict project naming - Role-Based Strategy" feature. This option works fine for restricting the name of a job as we cannot create jobs where names doesn't match our regular expressions set in "Project roles".

The problem we encounter is that no restriction is enforced to prevent creation/renaming of a job where a user doesn't have any rights.

ie:

• user A is allowed to name his job as "^project-A_.*$"
• user B is allowed to name his job as "^project-B_.*$"

-> user A or B cannot create projects with name "project-C_test" == good
-> user A is allowed to create a job "project-A_test" == good
-> user A is allowed to create a job "project-B_test" == bad
-> user A is allowed to rename a job "project-A_test" to "project-B_test" == bad

Do we miss an option? Is this a bug?
This has an impact on our security scheme...