Please find some inputs from my end.
I will be using below acronym:
RTD - Release Template Designer
DP - Deployment Plan
1: Permission “Release Template Designer” controls permission over various aspect/features of product i.e. whether a user can create Templates, Deployment Project, Deployment Plans or not. As the name suggest it make him a Designer of a Release and henceforth with this permission a user can access all features required by him to create or modify a release.
There was a question why we need to give a "Jenkins user - A users used in Jenkins build step" RTD permission to create a release. This is most obvious question especially if you have been using Jenkins to run process in 4.7 To have a clear understanding of this we need to understand the maturity product had undergone from 4.7 to 5.5. In 4.7 stage there were just two features "Template & Release", there were not a mature concept of "Release Designing" which was introduced in 5.5, where a release designer can now design the actual blue print of a release i.e. a deployment plan. So in 4.7.1 a user without RTD permission can create releases (which can also be achieved in 5.5 in slightly tweaked manner) but in 5.5. you need user to have RTD permission if you want to create DP with each build triggered via Jenkins.
2: I will try to explain what I explained above can a user in 5.5 without RTD permission can create releases? Answer to this is yes. If you want to run in same fashion where you don't want this user to do any task of a release designer he can go ahead and create releases with existing DP's. In this manner the system work in similar fashion that of 4.7 where releases are getting created with existing blueprints. The Jenkins plugin of RA has 3 option for its parameter "Deployment Plan usage methods", which are listed below.
Create new deployment plan everytime
Create new deployment plan once and use it everytime
Use an existing deployment plan
For first two options you need user to have RTD permission for the last option you don't need RTD permission and it will be using existing blueprints i.e. DP. The permission set required with 3rd option for a user to create release will be
a. Application Level: Can View Application
b. Environment Level: Release Designer, Can Execute All Releases
3: With above mentioned it is very visible the Jenkins plugin uses two REST API's depending upon the option selected for "Deployment Plan Usage method", which are below.
run-deployments: Creates a deployment from an existing deployment plan. User can create, or run the deployment on the environments provided
run-deployment-plan: Creates a deployment plan from an existing deployment template.
4: If you want to audit who is the creator to deployment plan and who is the executor of release there are two places to trace that. Who is making changes to system are considered as "Audit History" which keep track of all the changes been made in system by each user. You can configure the dashboard -> Audit history report to trace what changes been made by user for example it will record which user created the DP. To know the user who run the release you can just open the specific release and it will be having that information under "Executer".
I hope above will be of help.