The credentials to access the bucket are global, it could make sense to have something more granular that match with the authorization configured in Jenkins. See this example:
We have users U1 and U2
We have jobs J1 and J2
U1 has only access to J1
U2 has only access to J2
right now both users U1 and U2 can urarchive both jobs artifacts, Would make sense to segregate the access to U1 only unarchive J1 artifacts and U2 only unarchive J2 artifacts?