Is there a solution to this yet ? I am facing same issue with matrix auth 3.0.
Following works fine, but results in a warning on UI:
_authorization
{ permissions(this.myADGroup, ['hudson.model.Item.Read','hudson.model.Item.Configure'])}
_
When I try changing it to:
_authorization
{ permissions(this.myADGroup, ['GROUP:hudson.model.Item.Read','GROUP:hudson.model.Item.Configure'])}
_
I get error:
ERROR: (unknown source) permission must be one of com.cloudbees.plugins.credentials.CredentialsProvider.Create,com.cloudbees.plugins.credentials.CredentialsProvider.Delete,com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains,com.cloudbees.plugins.credentials.CredentialsProvider.Update,com.cloudbees.plugins.credentials.CredentialsProvider.View,hudson.model.Item.Build,hudson.model.Item.Cancel,hudson.model.Item.Configure,hudson.model.Item.Delete,hudson.model.Item.Discover,hudson.model.Item.Move,hudson.model.Item.Read,hudson.model.Item.Workspace,hudson.model.Run.Delete,hudson.model.Run.Replay,hudson.model.Run.Update,hudson.scm.SCM.Tag
https://github.com/jenkinsci/job-dsl-plugin/blob/b3bd3488f6c7389be8df0c7e473d0144c364a6ad/job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/Job.groovy#L296-L308 appears to be specific functionality related to matrix-auth in job-dsl, operating directly on the serialized XML of the configuration.
Unfortunately, this approach means that job-dsl plugin does not declare a dependency (even optional) on matrix-auth, so it doesn't show up in https://plugins.jenkins.io/matrix-auth/#dependencies at all and I was unaware this existed.
Note how this directive has been working with obsolete configurations for quite a while — blocksInheritance was replaced with a more powerful inheritance management in matrix-auth 2.0 (Oct 2017).
So there's nothing matrix-auth can do about this — job-dsl works directly on serialized configuration XML.