Managing user and group permissions at the system level
As a System Administrator, you can grant users and groups global permissions (permissions not related to a project) and you can manage the project-related permissions granted by default when a new project is created.
Permissions can be set automatically depending on the authentication and provisioning method.
Setting the global permissions
Global permissions
Permission type | Description |
---|---|
Administer System | Has full control over the SonarQube instance. |
Administer Quality Gates | Can create and update quality gates that can be applied to the organization’s projects. |
Administer Quality Profiles | Can create and update quality profiles that can be applied to the organization’s projects. |
Execute analysis | Can start an analysis on every project in SonarQube. This includes the ability to get all settings required to perform an analysis (including secured settings like passwords) and to push analysis results to SonarQube. |
Create Projects | Can create new projects in SonarQube Server. |
Create Applications | Can create new applications in SonarQube Server. |
Create Portfolios | Can create new portfolios in SonarQube Server. |
Setting the global permissions of groups and users
To set the global-level permissions of the groups and users:
- In the top navigation bar, go to Administration > Security > Global permissions. The Global Permissions page opens.
- You can search for users or groups.
- In the permissions grid, select a check box to grant the corresponding permission.
Managing project-related permissions through templates
As a global System Administrator, using permission templates allows you to define:
- The permissions granted by default to users, groups, and project creators on new projects, new applications (starting in Developer Edition), or new portfolios (starting in Enterprise Edition).
- Different sets of permissions that a project admin can apply to their project at any time.
Permissions related to a project
Permission Type | Description |
---|---|
Browse Project | Applies only to private projects (Anyone, including anonymous users, can view the public projects.). Can view the project. |
See Source Code | Applies only to private projects. Can view the source code (via API and web view) provided the Browse project permission is also granted. |
Administer Issues | Can perform the following actions:
|
Administer Security Hotspots | Can change the status of a security hotspot. For private projects, the Browse project permission must also be granted. |
Administer project | Can perform the following actions:
For private projects, the Browse project permission must also be granted. |
Execute Analysis on project | Can start an analysis on the project. This includes the ability to get all settings required to perform an analysis (including secured settings like passwords) and to push analysis results to SonarQube. |
Permission template concept
A permission template defines the project-related permissions granted to groups and members of the organization.
You can define several permission templates in your organization:
- You define the default template.
- You can define a template that applies to specific projects according to their key pattern by using a regular expression.
When a new project is created, SonarQube Server uses a permission template to grant the default permissions on the project. It retrieves the template according to the following rules:
- If the project key complies with the project key pattern of a template, then this template is used.
If several templates comply, an error is raised. - Otherwise, the default template is used.
The project admin can then change the permissions if necessary and apply any other template.
Creating a new template
- In the top navigation bar, go to Administration > Security > Permission Templates. The Permission Templates page opens with the list of templates.
- Select the Create button. The Create Permission Template dialog opens.
- Enter the template name and description.
- If you want to apply the template to specific new projects according to their key, enter the corresponding regular expression in Project key pattern.
- Select the Create button. The dialog closes and the new template is displayed.
- Set the permissions by selecting the respective check boxes.
Setting the default template for projects, applications or portfolios
- In the top navigation bar, go to Administration > Security > Permission Templates. The Permission Templates page opens with the list of templates.
- Select the three-dot menu to the far right of the template you want to change.
- In the menu, select Set Default for Projects, Set Default for Applications, or Set Default for Portfolios.
Deleting a template
- In the top navigation bar, go to Administration > Security > Permission Templates. The Permission Templates page opens with the list of templates.
- Select the three-dot menu to the far right of the template you want to delete.
- In the menu, select Delete and confirm.
Changing a template
- In the top navigation bar, go to Administration > Security > Permission Templates. The Permission Templates page opens with the list of templates.
- Select the three-dot menu to the far right of the template you want to change.
- In the menu:
- To change the template name, description or patter: select Update Details.
- To change the template permissions, description or patter: select Edit Permissions.
Applying a permission template to several projects at a time
- In the top navigation bar, go to Administration > Projects > Management.
- Retrieve and select in the grid the projects you want to update.
- In the tool bar, select Bulk Apply Permission Template. The Bulk Apply Permission Template dialog opens.
- Select the template and select Apply.
Restoring administrator access to SonarQube Server
If you lost global administrator access to SonarQube Server, you can restore it by using the API. You can:
- Regrant the global Administer System permission to an existing user.
- Reactivate and/or reset the password of the built-in
admin
account.
Regranting the Administer System permission to a user
Use the query below where <userLogin>
represents the login of the user who should become a system administrator:
Reactivating the built-in admin account
If you changed and then lost the password to the built-in admin
account or deactivated this user, you can activate the user and reset the password using the following query, depending on the database engine:
PostgreSQL and Microsoft SQL Server
Oracle
Related pages
Was this page helpful?