A user who has only read access in the Authorizations tab of the user object definition, but who has the privilege to view the Administration perspective, can go to the Administration perspective, right-click an agent, and replace that agent in jobs.
Steps to reproduce:
1) Create a user with Authorization set to Read only for all objects and with all privileges checked
2) Create a JOB with a non-read-only user and assign an agent
3) Log in as read-only user from step 1
4) Go to Administration perspective and to Agents & Groups
5) Right-click the agent from step 2 above and choose "Replace"
6) Replace with any agent on any or all objects in the popup
Expected behavior: there should be an error stating that writing to the objects in step 5 is not allowed due to not having Write access
Actual behavior: Agent is replaced in objects from step 5 above
Defect
Release : 12.3
Component : AUTOMATION ENGINE
This is fixed in 12.3.8 and 21.0.2. An update of the AWI and Automation Engine components is needed.
Workaround:
Remove the "Access to Administration" privilege from the user