User group concept
To manage user permissions more easily in SonarQube Cloud, the members of your organization are managed through groups.
To manage permissions more easily, the members of an organization are managed through groups. The following applies:
Permissions can be set at both user and group levels.
A user can belong to several groups within an organization.
A user’s permissions are the sum of all the permissions granted to them individually plus all the permissions granted by the groups they are a member of.
Built-in groups are added to each organization. Starting in Team plan, you can define and add custom groups to your organization.
Built-in groups
When a new organization is created, two built-in groups are automatically created for the organization:
Members group: This group contains all DevOps platform (DOP) users of the organization. Any DOP user added to the organization is automatically added to this group. See Default authentication through DevOps platform for more details.
Owners group: This group is intended to include the organization admins. The organization’s creator, if they use a DOP user account, is automatically added to this group. By default, members of this group have full control over the organization.
You can never delete the Members group, or change its name and composition. Starting in Team plan, you can:
Change the permissions of the Members group.
Manage the Owners group: change its name, composition, and permissions; or delete it.
The figure below shows the two groups related by default to an organization.
Built-in group permissions on Free plan
This section shows the permissions assigned to the built-in groups in a Free plan organization.
In a Team or Enterprise organization, those permissions are default permissions that you can change.
Organization-level permissions
Permission type
Description
Members
Owners
Administer Quality Gates
Can create and update quality gates that can be applied to the organization’s projects.
x
Administer Quality Profiles
Can create and update quality profiles that can be applied to the organization’s projects.
x
Create Projects
Can create new projects in the organization.
x
Administer
Has full control over the organization.
x
Project-level permissions
Permission Type
Description
Members
Owners
Browse Project
Applies only to private projects. Can view the project.
x
See Source Code
Applies only to private projects. Can view the source code (via API and web view) provided the Browse project permission is also granted.
x
Administer Issues
Can perform the following actions:
• Accept an issue
• Mark an issue as False positive
x
Administer Security Hotspots
Can change the status of a security hotspot. For private projects, the Browse project permission must also be granted.
x
Execute Analysis
Can start an analysis on the project. This includes the ability to get all settings required to perform an analysis (including secured settings like passwords) and to push analysis results to the SonarQube Cloud server.
x
Administer
Can perform the following actions:
• Delete a project.
• Change the project settings including project-level permissions.
• Configure various project functions, such as PDF reporting, snapshots, and webhooks.
For private projects, the Browse project permission must also be granted.
x
Groups are only supported at the organization level.
Related pages
Setting the project-related permissions of a group:
Using permission templates (through templates)
Last updated
Was this helpful?