Enterprise Edition Version 10.4.1 (build 88267)
How is SonarQube deployed: Docker
Background: We share one sonar instance with many different teams which will create their own quality profiles and quality gates.
What are you trying to achieve?
How can I prevent each team from modifying/deleting other teams’ quality profiles and quality gates by applying the global template to each team?
What have you tried so far to achieve this?
We have to manually grant the permissions to each quality profile and quality gate. The team who created the quality profiles and quality gates should have the edit permissions and other teams can only view them.
As long as your users don’t have the global Administer Quality Gates or Administer Quality Profiles permissions, they should only be able to edit those for which they’ve explicitly been assigned permission.
What this means is that they won’t be able to create new Quality Profiles or Quality Gates, only modify new ones created for them.
That could mean you entrust that permission only to a select few or keep that as a global administrator duty (provisioning new quality profiles and gates on request and assigning the permissions so the teams can do whatever).
With all of that said, we really encourage you to try to set organizational standards for Clean Code and not allow the proliferation of many quality profiles and gates on your instance. There should always be a strong Why? behind creating a new profile or gate, not just having a different one for each team because you can.
My question was about those admins from each organization.
They can potentially modify each other’s quality profiles and quality gates.
Is there a way that I can further restrict the permissions to each admin?
For example, all quality profiles and quality gates that start with team1.* can only be created/modified/deleted by the “team1 admin” group. All quality profiles and quality gates that start with team2.* can only be created/modified/deleted by the “team2 admin” group.
If you’re granting wide-spread admin access to your SonarQube instance, then unfortunately you aren’t going to be able to refine the permissions much further. Admins are admins.
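The following is an added example, not part of the thread and not SonarQube code: a small audit that checks a permission export against the `team1.*` naming convention discussed above and flags groups holding a global permission that overrides per-object delegation. The data layout, the object names and the allowed-group list are assumptions constructed for illustration; `admin`, `gateadmin` and `profileadmin` are the permission keys for Administer System, Administer Quality Gates and Administer Quality Profiles.

```python
# Constructed sample data standing in for an export of the instance's
# permission settings. All group and object names are hypothetical.
GLOBAL_PERMS = {
    "sonar-administrators": {"admin", "gateadmin", "profileadmin"},
    "team1 admin": {"profileadmin"},
    "team2 admin": set(),
}
# Quality profile / gate name -> groups explicitly granted edit rights on it.
EDITORS = {
    "team1.java-strict": {"team1 admin"},
    "team2.python-base": {"team2 admin", "team1 admin"},
    "team2.release-gate": set(),
}
# Global permissions that let a group edit every profile or gate.
BYPASS = {"admin", "gateadmin", "profileadmin"}
# Groups that are expected to hold them (assumption: one central admin group).
ALLOWED_GLOBAL = {"sonar-administrators"}


def owner_group(name):
    """Convention from the thread: '<team>.*' is owned by '<team> admin'."""
    team, sep, _ = name.partition(".")
    return f"{team} admin" if sep else None


def audit(global_perms, editors, allowed_global):
    """Return (kind, subject, detail) tuples for every deviation found."""
    findings = []
    for group, perms in sorted(global_perms.items()):
        held = perms & BYPASS
        if held and group not in allowed_global:
            findings.append(("global-bypass", group, ",".join(sorted(held))))
    for name, groups in sorted(editors.items()):
        owner = owner_group(name)
        if owner is None:
            # Name does not follow the '<team>.' prefix convention.
            findings.append(("unowned-name", name, ""))
            continue
        for group in sorted(groups - {owner}):
            findings.append(("foreign-editor", name, group))
        if owner not in groups:
            findings.append(("owner-missing", name, owner))
    return findings


if __name__ == "__main__":
    for finding in audit(GLOBAL_PERMS, EDITORS, ALLOWED_GLOBAL):
        print(*finding, sep="\t")
```
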