Using the matrix-auth plugin version 3.2.3, I can set global Overall Read permissions, and then specify on a per-project basis who has access to configure and build jobs. This is done using the Configure permission on a either pipeline or folder level. Even if a user is granted all the checkboxes except for admin globally, they are still unable to actually save a configuration of a job. They are able to see the configuration page, the save and apply buttons, but get the following error after clicking either of them:

org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration

This means that the user needs full admin access globally to edit any job configuration.

Log from dockerized jenkins container behind nginx reverse proxy:
2024-11-22 13:41:01.527+0000 [id=30478] INFO    o.e.j.e.n.ContextHandler$APIContext#log: While serving http://xx:xx/job/User-SW-automatization/job/PipelineA/configSubmit: org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration