User group concept

To manage user permissions more easily in SonarQube Cloud, the members of your organization are managed through groups.

The following applies:

  • Permissions can be set at both user and group levels.

  • A user can belong to several groups within an organization.

  • A user’s permissions are the sum of all the permissions granted to them individually plus all the permissions granted by the groups they are a member of.

Built-in groups are added to each organization. Starting in Team plan, you can define and add custom groups to your organization.

Built-in groups

When a new organization is created, two built-in groups are automatically created for the organization:

  • Members group: This group contains all DevOps platform (DOP) users of the organization. Any DOP user added to the organization is automatically added to this group. See DevOps platform authentication for more details.

  • Owners group: This group is intended to include the organization admins. The organization’s creator, if they use a DOP user account, is automatically added to this group. By default, members of this group have full control over the organization.

You can never delete the Members group, or change its name and composition. Starting in Team plan, you can:

  • Change the permissions of the Members group.

  • Manage the Owners group: change its name, composition, and permissions; or delete it.

The figure below shows the three groups related by default to an organization.

[Figure: The Members group and Owners group are both assigned to a SonarQube Cloud organization.]

Built-in group permissions on Free plan

This section shows the permissions assigned to the built-in groups in a Free plan organization.

In a Team or Enterprise organization, those permissions are default permissions that you can change.

Organization-level permissions

Permission type

Description

Members

Owners

Administer Quality Gates

Can create and update quality gates that can be applied to the organization’s projects.

x

Administer Quality Profiles

Can create and update quality profiles that can be applied to the organization’s projects.

x

Create Projects

Can create new projects in the organization.

x

Administer

Has full control over the organization.

x

Project-level permissions

Permission type

Description

Members

Owners

Browse Project

Applies only to private projects. Can view the project.

x

See Source Code

Applies only to private projects. Can view the source code (via API and web view) provided the Browse project permission is also granted.

x

Administer Issues

Can perform the following actions:

• Accept an issue

• Mark an issue as False positive

x

Administer Security Hotspots

Can change the status of a security hotspot. For private projects, the Browse project permission must also be granted.

x

Execute Analysis

Can start an analysis on the project. This includes the ability to get all settings required to perform an analysis (including secured settings like passwords) and to push analysis results to the SonarQube Cloud server.

x

Administer

Can perform the following actions:

• Delete a project.

• Change the project settings including project-level permissions.

• Configure various project functions, such as PDF reporting, snapshots, and webhooks.

For private projects, the Browse project permission must also be granted.

x

Groups are only supported at the organization level.
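The sketch below is an added example, not SonarQube Cloud code. It applies the rule that a user's permissions are the sum of their individual and group grants, then flags holders of Execute Analysis (which exposes secured settings) and grants that cannot take effect on a private project because Browse Project is missing. The users, the custom group names and the grants are constructed sample data and do not represent the built-in defaults.

```python
# Added example: constructed users, groups and grants for one private project.
BROWSE = "Browse Project"
# Per the project-level table: on private projects these need Browse Project too.
NEEDS_BROWSE = {"See Source Code", "Administer Security Hotspots", "Administer"}
# Execute Analysis can read secured settings (e.g. passwords): review its holders.
SENSITIVE = {"Execute Analysis"}

# Constructed sample data (hypothetical custom groups, not the built-in defaults).
GROUP_GRANTS = {
    "developers": {"Browse Project", "See Source Code"},
    "ci-bots": {"Execute Analysis"},
    "triage": {"Administer Security Hotspots"},
}
USER_GRANTS = {"bob": {"Administer Issues"}}
MEMBERSHIPS = {
    "alice": ["developers", "ci-bots"],
    "bob": ["developers"],
    "carol": ["triage"],
}


def effective_permissions(user):
    """Union of direct grants and the grants of every group the user is in.

    Returns {permission: sorted list of sources} so each grant is traceable.
    """
    sources = {}
    for perm in USER_GRANTS.get(user, ()):
        sources.setdefault(perm, []).append("direct")
    for group in MEMBERSHIPS.get(user, ()):
        for perm in GROUP_GRANTS.get(group, ()):
            sources.setdefault(perm, []).append(f"group:{group}")
    return {perm: sorted(src) for perm, src in sources.items()}


def audit(user, private=True):
    """List findings as (kind, permission, sources) tuples for one user."""
    perms = effective_permissions(user)
    findings = []
    for perm in sorted(perms):
        if private and perm in NEEDS_BROWSE and BROWSE not in perms:
            findings.append(("ineffective-without-browse", perm, perms[perm]))
        if perm in SENSITIVE:
            findings.append(("secret-access", perm, perms[perm]))
    return findings


if __name__ == "__main__":
    for name in sorted(MEMBERSHIPS):
        print(name, audit(name))
```

Recording the source of each grant shows whether removing a user from a group is enough to revoke a permission or whether a direct grant also has to be removed.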
