authorize-project plugin can easily cause security issues like following situations:

• User A configured a project X run as user A.
• User B updates the configuration of project B.
• User B can do something with the authentication of user A.

authorize-project avoids this problem by raising an exception when user B tries to configure project A.
But this has following problem:

• Raising exception isn't the "proper" way to forbid configuration.
  • It might not work in some cases or in the future version of Jenkins.
• Users have to configure the project again from the beginning if it is rejected by authorize-project plugin. It isn't user-friendly.
• There are several ways to configure projects. Web UI, REST WebAPI, CLI. Authorize-project have to cover all configuration methods.

I believe the "proper" way to forbid a user to configure a project is to revoke Job.CONFIGURE permission for that project form that user.

Then what I need is a mechanism for plugins to restrict Job.CONFIGURE permissions.