We got AD authentication enabled on all of our Jenkins servers and have limited the ability to launch and configure jobs to only logged-in domain users. Anon has only read, extended read and workspace job-related permissions. Running set-net-build-number via shell with authorization strategy for that job set as 'Run as User who triggered build' produces permission denied-type error:

00:00:00.059 + java -Djavax.net.ssl.trustStore=jenkinsserver.domain.com -Djavax.net.ssl.trustStorePassword=StorePass -jar jenkins-cli.jar -s https://jenkinsserver.domain.com/ set-next-build-number Job_Name 10
00:00:01.975
00:00:01.979 ERROR: anonymous is missing the Job/Configure permission

Also, when I enable 'Block inheritance of global authorization matrix' and explicitly set Anonymous permissions to allow for job configuration, the issue still persists and the same error appears. Command executes successfully only after setting job/configure permission on a global level.