Jenkins: JENKINS-36333

Resume build button allows anyone to rebuild failed build

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • None
    • Environment: Jenkins v1.642
      Multijob plugin v1.21
      Role-based Authorization Strategy plugin v2.20

We are using the Role-based Authorization Strategy plugin to limit the developers to what jobs they can run. The Multijob plugin is being used to throttle our builds with phases as well as group up application builds that reside on the same Weblogic servers.
The issue I am seeing is around the 'Resume build' button for the multijob projects. I just noticed today that anyone, regardless of how the Roles are set up or whether one is even signed in, can click the button and resume a build. This has the potential to cause unstable environments if someone realizes that and continues to rebuild the failed build to get what they want built. I know I am a little behind on the role strategy plugin but I don't think that's where the issue is coming from. It seems to me that the resume build button doesn't take into account who actually has access to run the build in the first place.

We have it set up so that one can browse the build logs of Jenkins without needing to be logged in. I don't really see that as being an issue since we send out the job URLs to many groups so they can check on the status of the build and subsequently look at the console output if there is a failure. I have attached a resumed build showing that it was started by an anonymous user. In the role for 'anonymous' users, they are only given read access. I have also tested this with a logged-in user that does not have the access to build the original job, but he is able to resume failed builds.
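The missing check this report describes, as an added example that is not the Multijob plugin's own code: a hypothetical Jenkins action (class, method and field names are assumptions) with the unguarded resume handler beside a version that requires the same Job/Build permission as the job's own "Build Now" and only accepts POST.

```java
// Added, hypothetical resume action for a Jenkins project; not the Multijob plugin's code.
import hudson.model.AbstractProject;
import hudson.model.Action;
import hudson.model.Cause;
import hudson.model.Item;
import hudson.model.ParametersAction;
import hudson.model.Run;
import java.util.ArrayList;
import java.util.List;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class ResumeBuildAction implements Action {
    private final Run<?, ?> failedRun;
    public ResumeBuildAction(Run<?, ?> failedRun) { this.failedRun = failedRun; }

    // Vulnerable shape (the behaviour the report describes): anyone who can
    // open the run page, including anonymous users with read-only access,
    // can schedule a new build of the parent job.
    public HttpResponse doResumeUnchecked() {
        return rebuild();
    }

    // Hardened shape: require the same permission as the job's own "Build Now".
    // checkPermission throws AccessDeniedException (HTTP 403) for users who
    // lack Job/Build on this project, and @RequirePOST rejects plain GET links.
    @RequirePOST
    public HttpResponse doResume() {
        failedRun.getParent().checkPermission(Item.BUILD);
        return rebuild();
    }

    private HttpResponse rebuild() {
        AbstractProject<?, ?> project = (AbstractProject<?, ?>) failedRun.getParent();
        List<Action> actions = new ArrayList<>();
        ParametersAction params = failedRun.getAction(ParametersAction.class);
        if (params != null) actions.add(params); // reuse the failed run's parameters
        project.scheduleBuild2(0, new Cause.UserIdCause(), actions);
        return HttpResponses.redirectTo("..");
    }

    // Hide the button from users who cannot use it; this is UI hygiene only,
    // the server-side check in doResume is what enforces the rule.
    @Override public String getIconFileName() {
        return failedRun.getParent().hasPermission(Item.BUILD) ? "clock.png" : null;
    }
    @Override public String getDisplayName() { return "Resume build"; }
    @Override public String getUrlName() { return "resume"; }
}
```

A quick check for the symptom in the report is to call the resume URL as an anonymous user that has only Job/Read: the hardened handler must answer 403 and no new build may appear in the queue.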

Assignee: Oleg Nenashev (oleg_nenashev)
Reporter: Roberto Sena (rsena)
Votes: 4
Watchers: 6