I was able to reproduce this problem and have found the cause. I consider this to be a bug in Blue Ocean: It checks the Overall/Read permission no matter in which context (folder, job, etc.) the sidepanel link would be displayed. https://github.com/jenkinsci/blueocean-plugin/blob/77960a8dc21840ae5f6df784a26f91e09d7da621/blueocean-rest-impl/src/main/resources/io/jenkins/blueocean/service/embedded/BlueOceanUrlAction/action.jelly#L8 Global permissions are expected to not matter in the context of a folder, so the combination of not being able to grant them on a folder level, and not inheriting them from the global ACL, results in this permission check to fail if and only if you're in such a folder (or job – the same applies to jobs that don't inherit permissions). While an argument could be made that Matrix Auth should always inherit Overall/Read (the same way Overall/Administer is – since Matrix Auth 2.0 – always inherited) for compatibility with buggy plugins, this is ultimately, IMO, a Blue Ocean bug. |