The Jenkins security team would like to collect telemetry regarding the usage of optional permissions (using the existing Telemetry API from JEP-214). We plan to use this telemetry to understand whether existing optional permissions are used frequently enough to justify their ongoing maintenance cost or are popular enough that we should consider enabling them by default.

There are only a few permissions in Jenkins core and plugins hosted by the Jenkins community that are disabled by default. These are:

• Agent/ExtendedRead
• Job/ExtendedRead
• Job/WipeOut
• Overall/Manage
• Overall/SystemRead
• Run/Artifacts
• Credentials/UseOwn (defined in credentials)
• Credentials/UseItem (defined in credentials)

There are also two plugins which enable some of these optional permissions by default, so we would like to include the default component information in the telemetry to understand whether these plugins are installed:

• extended-read-permission
• manage-permission