Jenkins / JENKINS-40910

Access Denied: May not copy JOB as it contains secrets and USER has Job/ExtendedRead but not /Configure


    • Type: Bug
    • Resolution: Not A Defect
    • Priority: Minor
    • Component: matrix-auth-plugin
    • Labels: None
    • Environment: Jenkins 2.19.2
      Matrix Authorization Strategy Plugin 1.4
      Icon Shim Plugin 2.0.3 (required by Matrix Authorization Strategy Plugin)

      We are using the "Project-based Matrix Authorization Strategy" option under "Authorization" for configuring global security. In this matrix, Anonymous has the following perms:

      • Overall
        • Read
      • Credentials
        • View
      • Job
        • ExtendedRead
        • Read
      • View
        • Read

      We are using LDAP for user access and folders for project grouping. We have "Enable project-based security" enabled at the folder level for the project.

      The non-admin user has the following perms at the project folder level (Anonymous has no perms set here):

      • Job
        • Build
        • Cancel
        • Configure
        • Create
        • Delete
        • Move

      The job they are trying to copy into the project level folder lives in a different folder. That folder does not have "Enable project-based security" enabled. This job does have two password parameters that are masked using the "Password Parameter" object.

      I do not know when this functionality broke. In the past, these settings were sufficient to allow the non-admin user to copy a job from one folder to their folder with no issues. Now we are getting the error message:

      Access Denied
      
      May not copy wifi/devops/templates/dev_branch_template_wifi as it contains secrets and wifivsphere has Job/ExtendedRead but not /Configure
      

      Assignee: Unassigned
      Reporter: Charlotte Tucker (kaysy1994)
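
An added example, not part of the original report and not Jenkins' own code: a Python model of the rule stated in the error message, applied to the permissions listed in the report. The sample config.xml, the parameter names, the helper functions, and the assumption that the user's effective permissions on the source folder equal the global matrix row are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml for a template job with two password
# parameters, as in the report. Names and values are placeholders.
SAMPLE_CONFIG = """<project>
  <properties>
    <hudson.model.ParametersDefinitionProperty>
      <parameterDefinitions>
        <hudson.model.StringParameterDefinition>
          <name>BRANCH</name>
          <defaultValue>dev</defaultValue>
        </hudson.model.StringParameterDefinition>
        <hudson.model.PasswordParameterDefinition>
          <name>SECRET_ONE</name>
          <defaultValue>{PLACEHOLDER-ENCRYPTED-1}</defaultValue>
        </hudson.model.PasswordParameterDefinition>
        <hudson.model.PasswordParameterDefinition>
          <name>SECRET_TWO</name>
          <defaultValue>{PLACEHOLDER-ENCRYPTED-2}</defaultValue>
        </hudson.model.PasswordParameterDefinition>
      </parameterDefinitions>
    </hudson.model.ParametersDefinitionProperty>
  </properties>
</project>"""

def password_parameters(config_xml):
    """Return names of Password Parameter definitions in a job config.xml."""
    root = ET.fromstring(config_xml)
    return [d.findtext("name", default="?")
            for d in root.iter("hudson.model.PasswordParameterDefinition")]

def copy_decision(config_xml, source_perms, dest_perms):
    """Model of the rule in the error message (hypothetical helper)."""
    if "Job/Create" not in dest_perms:
        return "denied: no Job/Create in destination folder"
    if "Job/Configure" in source_perms:
        return "allowed"
    if "Job/ExtendedRead" not in source_perms:
        return "denied: cannot read source configuration"
    secrets = password_parameters(config_xml)
    if secrets:
        return "denied: source contains secrets (%s) and user lacks Job/Configure on it" % ", ".join(secrets)
    return "allowed"

# Permissions from the report: the source folder has no project-based
# security, so only the global matrix row is assumed to apply there.
GLOBAL = {"Overall/Read", "Credentials/View", "Job/ExtendedRead", "Job/Read", "View/Read"}
USER_FOLDER = {"Job/Build", "Job/Cancel", "Job/Configure", "Job/Create", "Job/Delete", "Job/Move"}
```

Calling `copy_decision(SAMPLE_CONFIG, GLOBAL, USER_FOLDER)` reproduces the denial; adding `Job/Configure` to the source-side set, or removing the password parameters from the template, changes the result to `allowed`.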