# Security features

SonarQube Server comes with a number of global security features:

* On-board authentication and authorization mechanisms.
* The ability to force users to authenticate before they can see any part of a SonarQube Server instance.
* The ability to delegate to authentication.

Additionally, it’s possible to configure at a group or user level who can:

* See that a project even exists.
* Access a project’s source code.
* Administer a project (set exclusion patterns, tune plugin configuration for that project, etc.).
* Administer Quality Profiles, Quality Gates, and the SonarQube Server instance itself.

Another aspect of security is the encryption of settings such as passwords. SonarQube Server provides a built-in mechanism to encrypt settings.

See:

* [managing-user-authentication](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/user-management/managing-user-authentication "mention")
* [user-groups](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/user-management/user-groups "mention")
* [user-permissions](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/user-management/user-permissions "mention")
* [setting-project-permissions](https://docs.sonarsource.com/sonarqube-server/2025.1/project-administration/setting-project-permissions "mention")
* [encrypting-settings](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/encrypting-settings "mention")