User group concept
To manage permissions more easily, the members of an organization are managed through groups. The following applies:
- Permissions can be set at both user and group levels.
- A user can belong to several groups within an organization.
- A user's permissions are the sum of all the permissions granted to them individually plus all the permissions granted by the groups they are a member of.
Built-in groups are added to each organization. Starting with the Team plan, you can define and add custom groups to your organization.
Built-in groups
When a new organization is created, two built-in groups are automatically created for the organization:
- Members group: This group contains all DevOps platform (DOP) users of the organization. Any DOP user added to the organization is automatically added to this group.
- Owners group: This group is intended to include the organization admins. The organization's creator (if they use a DOP user account) is automatically added to this group. By default, members of this group have full control over the organization.
In addition, a technical group, the Anyone group, is used to manage the permissions that users who are not members of the organization have on public projects. This technical group is visible on the project level only. By default, members of this group have no permissions.
You can never delete the Members group or change its name or composition. Starting with the Team plan, you can:
- Change the permissions of the Members group.
- Manage the Owners group: change its name, composition, and permissions; or delete it.
- Change the permissions of the Anyone group: you can grant organization-level permissions (except Administer organization) and permissions on public projects (except Administer project).
The figure below shows the three groups related by default to an organization.
Built-in group permissions on Free plan
This section shows the permissions assigned to the built-in groups in a Free plan organization.
In a Team or Enterprise organization, those permissions are default permissions that you can change.
Organization-level permissions
Permission type | Description | Members | Owners | Anyone |
---|---|---|---|---|
Administer Quality Gates | Can create and update quality gates that can be applied to the organization’s projects. | x | ||
Administer Quality Profiles | Can create and update quality profiles that can be applied to the organization’s projects. | x | ||
Create Projects | Can create new projects in the organization. | x | ||
Administer | Has full control over the organization. | x |
Project-level permissions
Permission Type | Description | Members | Owners | Anyone |
---|---|---|---|---|
Browse Project | Applies only to private projects. Can view the project. | x | ||
See Source Code | Applies only to private projects. Can view the source code (via API and web view) provided the Browse project permission is also granted. | x | ||
Administer Issues | Can perform the following actions: | x | ||
Administer Security Hotspots | Can change the status of a security hotspot. For private projects, the Browse project permission must also be granted. | x | ||
Execute Analysis | Can start an analysis on the project. This includes the ability to get all settings required to perform an analysis (including secured settings like passwords) and to push analysis results to the SonarQube Cloud server. | x | ||
Administer | Can perform the following actions: For private projects, the Browse project permission must also be granted. | x |
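
The following Python script is an added example, not SonarQube Cloud code, and it does not call the product's API. It applies the rule from the group concept above (a user's permissions are the union of their own grants and their groups' grants) to one project's grants, then lists every grant on the Anyone group and every path by which a user holds Execute Analysis or Administer. The user names, the custom group `ci-bots` and all grants are constructed sample data, not the platform defaults.

```python
# Permissions from this page worth reviewing: Execute Analysis can read secured
# settings (including passwords); Administer is full control.
SENSITIVE = {"Execute Analysis", "Administer"}

def effective_permissions(user, user_grants, group_grants, memberships):
    """Union of the user's own grants and those of every group they belong to."""
    perms = set(user_grants.get(user, ()))
    for group in memberships.get(user, ()):
        perms |= set(group_grants.get(group, ()))
    return perms

def audit(user_grants, group_grants, memberships):
    """Return (findings, effective permissions per user) for one project."""
    # Anyone has no permissions by default, so every grant on it is a deviation.
    findings = [("Anyone", p, "granted to non-members")
                for p in sorted(group_grants.get("Anyone", ()))]
    effective = {}
    for user in sorted(set(user_grants) | set(memberships)):
        effective[user] = effective_permissions(
            user, user_grants, group_grants, memberships)
        for perm in sorted(effective[user] & SENSITIVE):
            # Record every path that confers the permission: removing one
            # grant does not revoke it while another path remains.
            sources = sorted(g for g in memberships.get(user, ())
                             if perm in group_grants.get(g, ()))
            if perm in user_grants.get(user, ()):
                sources.append("direct")
            findings.append((user, perm, "via " + ", ".join(sources)))
    return findings, effective

# Constructed sample data (not the platform defaults); "ci-bots" is a
# hypothetical custom group and the user names are made up.
GROUP_GRANTS = {
    "Members": {"Browse Project", "See Source Code"},
    "Owners": {"Administer", "Execute Analysis"},
    "ci-bots": {"Execute Analysis"},
    "Anyone": {"Administer Issues"},
}
USER_GRANTS = {"ci-svc": {"Execute Analysis"}}
MEMBERSHIPS = {
    "alice": ["Members"],
    "bob": ["Members", "Owners"],
    "ci-svc": ["Members", "ci-bots"],
}

if __name__ == "__main__":
    for who, perm, why in audit(USER_GRANTS, GROUP_GRANTS, MEMBERSHIPS)[0]:
        print(f"{who:8} {perm:18} {why}")
```
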
Related pages
- Managing the user groups of your organization
- Setting the organization-related permissions of a group
- Setting the project-related permissions of a group:
  - At the organization level (through templates)
  - At the project level