A top-level Jenkins job "A" is triggered by a user Bob. This job calls another job "B" which copies artifacts from a job "C", also triggered by "A". The user Bob has read access to all 3 jobs. Unless I give Anonymous Read access to Jenkins the build fails with:

ERROR: Unable to find project for artifact copy: C
This may be due to incorrect project name or permission settings; see help for project name in job configuration.

This seems like a major security flaw. I am required to have the Jenkins system locked down for security reasons. The plugin documentation is a little ambiguous as to whether this is absolutely required (the English is a little off). Is it possible to disable anonymous read access and still have this plugin working, preferably without messy hacks?