The first need is to let some selected people to run some scriptlers.
This can be particularly usefull because standard Jenkins ACL's does not permit to restrict ACL for some jobs.
Such jobs should then be accessible outside the manage Jenkins panel, and the code should not be displayed when selecting one.
Each scriptler should have its own ACL to allow for a precise selection. For example, the Job Managers could be able to disconnect a slave via a scriptler script, but should not be authorized to run other more critical actions.