First things first: We successfully use GitLab OAuth for Jenkins and it works like a charm. Thanks for your great work!

Now the improvements required, before we can let guests, reporters and developers access the Jenkins server:

Our projects are all private. The default user rights connected with the above three GitLab roles allow modifying and even deleting the project related build jobs. As we assign these roles to project stakeholders that not always should have these permissions,

we're looking for a way to restrict their access to read-only, or read and build only on a per GitLab project role base. (Or at least having the default access granted to the above roles limited in that manner.)

As your plugin unfortunately does not provide these features, we still have to use matrix based permissions, which is a pain with growing job and user numbers.