At our company, we use batch-tasks to distribute applications to servers.

We have an intentional distinction in access levels between development and
operations, to protect the stability of production hardware.

We would like to have one project produce artifacts, and then allow developers
to use batch tasks to push those files to our development and QA servers. We
would like to use batch tasks to distribute the files to production also-- this
way, we can send the exact same files to production that were tested in QA.

However, when security is enabled ( we use the active directory plugin), it is
not currently possible to assign permissions to a particular batch task.

It would be possible to work around the problem by creating a separate job for
production release, but then another build is required, which might produce a
product than is different than the one produced in the QA job. This extra build
step is a waste of space and time.

Desired Behavior:

• after "enable security" is enabled,
• when "matrix based security" is selected, a new column appears called
  "batch task", corresponding to the ability to run batch tasks. Users are
  prevented from running any batch tasks when this is not checked for their groups.
• on the configuration page for the job, each batch task has a drop down
  list box that allow choosing the group(s) who can execute the task. The choice
  defaults to empty which is all