security based project behavior jenkins v1.504

[iostrym]

Hi, 

I'm using project matrix security on jenkins v1.504 (arround 2013)

So I configure user access in Jenkins Configure Global Security and also  inside jobs (project).

As I read documentation, the project matrix should be cumulative with matrix in global security.

Does it says that if a user has job modification rights in global security he could do job modification on all jobs. even on jobs that are protected using project based security ? If yes, it is strange because I don't notice this behavior everytime but sometimes I meet case where a user can do modification in a job whereas the job has project based security.

What would be the correct configuration for users in global configuration if we want them to be able to see all jobs but be able to do modification only on their jobs (is it always the case ?) and on jobs that has a project based security that allow this.

I don't want to use cloudbee plugin, and i'm trying to understand how jenkins works without any specific plugin for security.

[iostrym]

In brief :

if in global security the "job -> configure" is set for a user. Does it mean that he has right to do job configuration for all jenkins jobs ? Even if the user is not added in the project specific security configuration ?

And also

if "job -> configure" is not set for a user, does he have right to do at least job configuration of its own job ?

Best regards,