Overall:This group covers basic system-wide permissions:
Administer:Lets a user make system-wide configuration changes and other sensitive operations, for example in the main Jenkins configuration pages. This should be reserved for the Jenkins administrator.
Read:This permission provides read-only access to virtually all of the pages in Jenkins. If you want anonymous users to be able to view build jobs freely, but not to be able to modify or start them, grant the Read role to the special “anonymous” user. If not, simply revoke this permission for the Anonymous user. And if you want all authenticated users to be able to see build jobs, then add a special user called “authenticated”, and grant this user Overall Read permission.
RunScripts:Required for running scripts inside the Jenkins process, for example via the Groovy console or Groovy CLI command.
Slave:This group covers permissions about remote build nodes, or slaves:
Build: This permission allows users to run jobs as them on slaves.
Configure: This permission allows users to configure slaves.
Connect: This permission allows users to connect slaves or mark slaves as online.
Create: This permission allows users to create slaves.
Delete: This permission allows users to delete existing slaves.
Disconnect: This permission allows users to disconnect slaves or mark slaves as temporarily offline.
Job:This group covers job-related permissions:
Build: This permission grants the ability to start a new build.
Cancel: This permission grants the ability to cancel a scheduled, or abort a running, build.
Configure: Change the configuration of a job.
Create:Create a new job.
Delete: Delete a job.
Discover:This permission grants discover access to jobs. Lower than read permissions, it allows you to redirect anonymous users to the login page when they try to access a job url. Without it they would get a 404 error and wouldn't be able to discover project names.
Read:This permission grants read-only access to project configurations. Please be aware that sensitive information in your builds, such as passwords, will be exposed to a wider audience by granting this permission.
Workspace:This permission grants the ability to retrieve the contents of a workspace.Jenkins checked out for performing builds. If you don't want a user to access files in the workspace (e.g. source code checked out from SCM or intermediate build results) through the workspace browser, you can revoke this permission.
Run:This group covers rights related to particular builds in the build history:
Delete:Delete a build from the build history.
Update:Update the description and other properties of a build in the build history. This can be useful if a user wants to leave a note about the cause of a build failure, for example.
View:This group covers managing views:
Configure: This permission allows users to change the configuration of views.
Create:This permission allows users to create new views.
Delete: This permission allows users to delete existing views.
Read: This permission allows users to see views (implied by generic read access).
SCM:Permissions related to your version control system:
Tag:Create a new tag in the source code repository for a given build.