# Security features

SonarQube Server comes with a number of global security features:

* On-board authentication and authorization mechanisms.
* The ability to force users to authenticate before they can see any part of a SonarQube Server instance.
* The ability to delegate to authentication.
* Enforce an Azure OpenAI Service endpoint URL domain when [#enabling-ai-generated-fix-suggestions](https://docs.sonarsource.com/sonarqube-server/ai-features/enable-ai-codefix#enabling-ai-generated-fix-suggestions "mention").

Additionally, it’s possible to configure at a group or user level who can:

* See that a project even exists.
* Access a project’s source code.
* Administer a project (set exclusion patterns, tune plugin configuration for that project, etc.).
* Administer Quality Profiles, Quality Gates, and the SonarQube Server instance itself.

Another aspect of security is the encryption of settings such as passwords. SonarQube Server provides a built-in mechanism to encrypt settings.

See:

* [user-accounts](https://docs.sonarsource.com/sonarqube-server/instance-administration/security/user-accounts "mention")
* [user-groups](https://docs.sonarsource.com/sonarqube-server/instance-administration/user-management/user-groups "mention")
* [user-permissions](https://docs.sonarsource.com/sonarqube-server/instance-administration/user-management/user-permissions "mention")
* [setting-project-permissions](https://docs.sonarsource.com/sonarqube-server/project-administration/setting-project-permissions "mention")
* [encrypting-settings](https://docs.sonarsource.com/sonarqube-server/instance-administration/security/encrypting-settings "mention")