From 9c7debb6112ff360687211328e16d50623452612 Mon Sep 17 00:00:00 2001
From: Esther Alvarez Feijoo <ealvarez@cloudbees.com>
Date: Mon, 28 Oct 2019 13:17:54 +0100
Subject: [PATCH 1/3] [CTR-690] Only allow ADMINISTER to delete a User


From e0c64d7295150d2a3a2e50bcf7b47204c1204080 Mon Sep 17 00:00:00 2001
From: Esther Alvarez Feijoo <ealvarez@cloudbees.com>
Date: Fri, 25 Oct 2019 19:04:12 +0200
Subject: [PATCH 2/3] [CTR-690] Only allow ADMINISTER to configure Agent to
 Master Access Control


From bb2deeb623231f1f5b2a0e7c2bfbfcc5fffe52c1 Mon Sep 17 00:00:00 2001
From: aHenryJard <ajard@cloudbees.com>
Date: Tue, 29 Oct 2019 12:14:53 +0100
Subject: [PATCH 3/3] By default config item are fr administer

---
 core/src/main/java/hudson/diagnosis/OldDataMonitor.java | 6 ++++++
 core/src/main/java/hudson/model/ManagementLink.java     | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/hudson/diagnosis/OldDataMonitor.java b/core/src/main/java/hudson/diagnosis/OldDataMonitor.java
index c45eebd7110b..1911bc9976d7 100644
--- a/core/src/main/java/hudson/diagnosis/OldDataMonitor.java
+++ b/core/src/main/java/hudson/diagnosis/OldDataMonitor.java
@@ -39,6 +39,7 @@
 import hudson.model.listeners.SaveableListener;
 import hudson.security.ACL;
 import hudson.security.ACLContext;
+import hudson.security.Permission;
 import hudson.util.RobustReflectionConverter;
 import hudson.util.VersionNumber;
 import java.io.IOException;
@@ -460,5 +461,10 @@ public String getDescription() {
         public String getDisplayName() {
             return Messages.OldDataMonitor_DisplayName();
         }
+
+        @Override
+        public Permission getRequiredPermission() {
+            return Jenkins.CONFIGURE_JENKINS;
+        }
     }
 }
diff --git a/core/src/main/java/hudson/model/ManagementLink.java b/core/src/main/java/hudson/model/ManagementLink.java
index 2f7e78bd030e..05db6030f029 100644
--- a/core/src/main/java/hudson/model/ManagementLink.java
+++ b/core/src/main/java/hudson/model/ManagementLink.java
@@ -115,7 +115,7 @@ public boolean getRequiresConfirmation() {
      * @return permission required for user to access this management link, in addition to {@link Jenkins#ADMINISTER}
      */
     public @CheckForNull Permission getRequiredPermission() {
-        return Jenkins.CONFIGURE_JENKINS;
+        return Jenkins.ADMINISTER;
     }
 
     /**