If there are a lot of predefined credentials (some with powerfull rights)
we need an possibillity to restrict the use of such crdentials.
So we can prevent a user from using such powerfull credentials within a new job.
There are running some jobs with a domain-admin-credentials .
Now the local admin defines a new job and could use the domaincredentials to run a script which can manipulate rights on domainlevel.