We use "Role-based Authorization Strategy" to configure permissions on our Jenkins.
The permissions for the developers are set by using the "Authenticated" role.

+What happens:
+

• If I set the "Run/Update" permissions for "Authenticated", an authenticated user has the "Keep this build forever"-button on a run of the job.. (Without this permission, the button to set it is missing as expected)
• If the user clicks this button, the run is set to "Keep this build forever" as expected.
• The button disappears (as expected), but no "Don't keep this build forever" button is shown instead.

What I would expect:

• The button"Don't keep this build forever" is shown, so the user can undo the operation, as (s)he could to the operation.

Notes:

• If I give the "Authenticated" user the "Run/Delete" permission in addition, the "Don't keep this build forever" -button is shown.
• But I see this behaviour as not logical. If the user has the right to set the "Keep", (s)he should be able to undo the operation as well.
  I don't want to give the normal user the permission to delete runs.

(I'm not sure, if the problem is with the "Role-based Authorization Strategy" plugin or Jenkins core)